
New Microsoft 365 Phishing Attack Bypasses Fake Login Pages Entirely
Cybercriminals are exploiting Microsoft's legitimate device login system to steal M365 accounts. This clever attack doesn't need fake websites to work.
Source
GetCyberRight Intelligence
Original headline: M365 Device Code Phishing Active Now
Plain-English summary by GetCyberRight. Read the full report at the source above.
What's Happening Right Now
A sophisticated phishing campaign is actively targeting Microsoft 365 users with a technique that completely bypasses the need for fake login pages. Attackers are exploiting Microsoft's legitimate device code authentication system to gain access to work and personal accounts. This is happening now, and many users won't recognize the warning signs because everything looks official.
The Details
Here's how this attack works. You receive an email or message asking you to review a shared document, approve a collaboration request, or verify your account. The message includes a code and directs you to visit Microsoft's real login page at microsoft.com/devicelogin.
When you enter the code on Microsoft's actual website and sign in with your real credentials, you're unknowingly giving the attacker full access to your account. The device code feature was designed to help people log into apps on smart TVs and other devices without keyboards. Criminals have turned this helpful feature into a weapon.
The scariest part is that everything in this process is legitimate. You're visiting Microsoft's real website, not a fake copy. You're using your real password. Microsoft's systems are working exactly as designed. The only malicious element is the code itself, which connects your login to the attacker's device instead of a legitimate service.
Who Is Affected
This campaign primarily targets professionals and business users with Microsoft 365 accounts. If you use Outlook, Teams, OneDrive, or SharePoint for work, you're in the crosshairs. Remote workers who frequently receive collaboration requests are especially vulnerable because these messages blend in with normal work communication.
Small business owners and their employees face particular risk. Many smaller organizations lack dedicated IT security teams to spot and block these attacks before they reach inboxes. Anyone who regularly shares documents or collaborates with clients and partners should be on high alert.
What You Should Do Right Now
Never enter a device code unless you initiated the login yourself. If you didn't personally try to connect a new device or app within the last few minutes, don't enter any code.
Stay one step ahead of scammers
Weekly cybersecurity briefings for families. No spam, just the threats that matter and what to do about them.
Examine collaboration requests carefully. Before clicking any link about shared documents, verify the sender through a separate communication channel like a phone call or text message.
Enable multi-factor authentication on your Microsoft 365 account if you haven't already. Go to account.microsoft.com, select Security, and set up additional verification methods.
Check your account's connected devices regularly. Visit account.microsoft.com/devices and remove anything you don't recognize. Do this monthly.
Report suspicious device code requests to your IT department immediately if you work for an organization. If you're an individual user, report them to Microsoft through their security response center.
The Bigger Picture
This attack represents a troubling evolution in phishing tactics. Criminals are moving beyond fake websites and exploiting the legitimate tools we use every day. As companies add convenience features to improve user experience, attackers find creative ways to weaponize them. Staying informed about these emerging threats isn't optional anymore. It's essential protection for your digital life and livelihood.
How GetCyberRight Can Help
Our GCR Scam Guard tool actively monitors for suspicious collaboration request patterns and unusual device code activity. When you receive a message asking you to approve a device code, Scam Guard analyzes the request context and warns you before you take action. It adds an intelligent layer of protection between you and these sophisticated attacks, giving you the information you need to make safe decisions. Think of it as having a cybersecurity expert looking over your shoulder, but without the awkwardness.
Curated from trusted cybersecurity sources by GetCyberRight
Source: GetCyberRight IntelligenceStay ahead of cyber threats
Get our free weekly digest. Real threats, plain language, what to do about them. No spam, ever.
More articles
FBI Surveillance System Hacked: What Families Need to Know Now
A 2026 breach of FBI surveillance systems reveals how vulnerable even secure government networks are. Here's what it means for your family's data.
3 min readFBI Surveillance System Hacked: What Families Need to Know
The FBI's surveillance infrastructure was compromised in 2026's worst breach so far. Here's what it means for your family's safety and privacy.
3 min read
New Microsoft 365 Phishing Attack Uses Real Login Pages to Steal Access
Attackers are exploiting Microsoft's legitimate device login system to trick users into granting account access without fake websites or traditional warning signs.
4 min read
GitHub Flaw Let Attackers Steal Code From Private Projects
A newly patched vulnerability called GitLost allowed hackers to access private code repositories through a simple trick involving public issues.
4 min read