
New Microsoft 365 Phishing Attack Uses Real Login Pages to Steal Access
Attackers are exploiting Microsoft's legitimate device login system to trick users into granting account access without fake websites or traditional warning signs.
Source
GetCyberRight Intelligence
Original headline: M365 Device Code Phishing Uses Real Microsoft Pages
Plain-English summary by GetCyberRight. Read the full report at the source above.
A New Kind of Microsoft Phishing That's Harder to Spot
Cybercriminals have found a clever way to steal Microsoft 365 accounts without creating fake login pages. They're exploiting a legitimate Microsoft feature called device code authentication, which means victims interact with real Microsoft websites throughout the entire scam. This makes the attack extremely difficult to detect using traditional phishing awareness techniques.
The Details: How This Attack Works
Here's what makes this attack different. Normally, phishing attacks direct you to fake websites that look like Microsoft but aren't. Security experts have taught us to check the URL and look for suspicious signs. This new attack throws that advice out the window.
The scam starts with an email or message asking you to approve a login request. When you click the link, you're taken to an actual Microsoft page at microsoft.com/devicelogin. Everything looks legitimate because it is legitimate. You enter a code provided by the attacker, thinking you're helping with something work-related or verifying your own account.
What you're actually doing is giving the attacker permission to access your Microsoft 365 account. The device code feature was designed to help people log into devices like smart TVs or gaming consoles. Attackers have weaponized this helpful feature to bypass security measures. Once you enter that code, they gain full access to your email, files, and everything else in your Microsoft account.
Who Is Affected
This attack primarily targets working professionals who use Microsoft 365 for their jobs. If you use Outlook, Teams, OneDrive, or SharePoint at work, you're a potential target. The attackers often pose as IT support, HR departments, or trusted colleagues requesting urgent action.
Small business owners and their employees face particular risk. Many smaller organizations lack dedicated IT security teams to warn employees about emerging threats. Remote workers are also vulnerable since they're accustomed to logging in from various locations and devices, making suspicious login requests seem more normal.
What You Should Do Right Now
Never enter device codes sent to you via email or messages. Device codes should only be used when you personally initiated a login on your own device, like signing into Netflix on your TV.
Stay one step ahead of scammers
Weekly cybersecurity briefings for families. No spam, just the threats that matter and what to do about them.
Contact your IT department directly if you receive any message asking you to approve a login or enter a device code. Use a phone number or email you already have, not contact information provided in the suspicious message.
Enable multi-factor authentication (MFA) on your Microsoft 365 account if you haven't already. Go to your account security settings and turn on two-step verification. This adds a critical extra layer of protection.
Review your Microsoft account's recent activity at account.microsoft.com/activity. Look for unfamiliar sign-ins or devices. If you see anything suspicious, change your password immediately and sign out all sessions.
Educate your family and coworkers about this specific threat. Share this information, especially with anyone who works remotely or handles sensitive business information.
The Bigger Picture
This attack represents a troubling evolution in phishing tactics. Cybercriminals are increasingly exploiting legitimate features of trusted platforms rather than creating obvious fakes. Traditional security advice like checking URLs and looking for spelling errors becomes useless when the websites are actually real. Staying informed about these emerging tactics is no longer optional. It's essential for protecting your professional and personal digital life.
How GetCyberRight Can Help
GCR Scam Guard provides an important defense layer against sophisticated attacks like device code phishing. The tool helps detect suspicious collaboration requests and phishing attempts before you interact with them, catching warning signs that might not be obvious to the average user. By analyzing the context and patterns of incoming requests, GCR Scam Guard can flag potentially malicious messages that exploit legitimate platforms, giving you a heads-up before you click that dangerous link or enter that device code.
Curated from trusted cybersecurity sources by GetCyberRight
Source: GetCyberRight IntelligenceStay ahead of cyber threats
Get our free weekly digest. Real threats, plain language, what to do about them. No spam, ever.
More articles
FBI Surveillance System Hacked: What Families Need to Know Now
A 2026 breach of FBI surveillance systems reveals how vulnerable even secure government networks are. Here's what it means for your family's data.
3 min readFBI Surveillance System Hacked: What Families Need to Know
The FBI's surveillance infrastructure was compromised in 2026's worst breach so far. Here's what it means for your family's safety and privacy.
3 min read
New Microsoft 365 Phishing Attack Bypasses Fake Login Pages Entirely
Cybercriminals are exploiting Microsoft's legitimate device login system to steal M365 accounts. This clever attack doesn't need fake websites to work.
3 min read
GitHub Flaw Let Attackers Steal Code From Private Projects
A newly patched vulnerability called GitLost allowed hackers to access private code repositories through a simple trick involving public issues.
4 min read