Device Code Phishing Attacks Surge 37 Times Online


Device Code Phishing Attacks Surging: A Growing Threat

Malicious actors have significantly increased their use of device code phishing attacks, exploiting the OAuth 2.0 device authorization grant flow to hijack user accounts.

Rise in Device Code Phishing Attacks

The number of device code phishing attacks has surged more than 37 times since the beginning of the year, according to research by security experts.

According to researchers, “device code phishing technique involves sending a device authorization request to a service provider and receiving a code, which is then shared with the victim under false pretenses.”

The victim is tricked into entering the code on a legitimate login page, thereby authorizing the attacker’s device to access the account through valid access and refresh tokens.
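The flow described above leaves a distinctive trail: one party requests the device code, and a different party approves it. The following detection sketch is an added example, not code from the article or the researchers it cites. The event schema, the `flow_id` field, the client names and the allowlist are assumptions, and the sample events are constructed.

```python
DEVICE_GRANT = "urn:ietf:params:oauth:grant-type:device_code"  # grant type defined in RFC 8628
ALLOWED_CLIENTS = {"tv-app"}  # assumption: clients with a genuine need for the device flow

# Constructed authorization-server events; the schema is hypothetical.
SAMPLE_EVENTS = [
    {"event": "device_authorization", "flow_id": "f1", "client_id": "tv-app", "ip": "203.0.113.20", "country": "US"},
    {"event": "user_approval", "flow_id": "f1", "user": "bob", "ip": "203.0.113.20", "country": "US"},
    {"event": "token_issued", "flow_id": "f1", "grant_type": DEVICE_GRANT},
    {"event": "device_authorization", "flow_id": "f2", "client_id": "tv-app", "ip": "198.51.100.7", "country": "NL"},
    {"event": "user_approval", "flow_id": "f2", "user": "alice", "ip": "203.0.113.45", "country": "US"},
    {"event": "token_issued", "flow_id": "f2", "grant_type": DEVICE_GRANT},
    {"event": "device_authorization", "flow_id": "f3", "client_id": "cli-tool", "ip": "203.0.113.20", "country": "US"},
    {"event": "user_approval", "flow_id": "f3", "user": "carol", "ip": "203.0.113.20", "country": "US"},
    {"event": "token_issued", "flow_id": "f3", "grant_type": DEVICE_GRANT},
]


def find_suspicious_device_grants(events, allowed_clients=ALLOWED_CLIENTS):
    """Return (flow_id, user, reasons) for completed device-code grants worth review."""
    flows = {}
    for ev in events:  # group the three stages of each flow by its identifier
        flows.setdefault(ev["flow_id"], {})[ev["event"]] = ev

    findings = []
    for flow_id, parts in flows.items():
        token, start, approval = (parts.get(k) for k in ("token_issued", "device_authorization", "user_approval"))
        # Only a completed device-code grant hands tokens to the requesting device.
        if not token or token.get("grant_type") != DEVICE_GRANT:
            continue
        if not (start and approval):
            findings.append((flow_id, None, ["incomplete event chain"]))
            continue
        reasons = []
        if start["client_id"] not in allowed_clients:
            reasons.append("client not approved for device flow")
        if start["country"] != approval["country"]:
            reasons.append("requesting device and approving user in different countries")
        elif start["ip"] != approval["ip"]:
            reasons.append("requesting device and approving user on different networks")
        if reasons:
            findings.append((flow_id, approval["user"], reasons))
    return findings


if __name__ == "__main__":
    for finding in find_suspicious_device_grants(SAMPLE_EVENTS):
        print(finding)
```

A network mismatch within one country is common in legitimate use (a phone on cellular approving a TV on home Wi-Fi), so treat that reason as a lower-priority review signal than a country mismatch or an unapproved client.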

EvilTokens: A Prevalent Phishing Kit

One phishing kit, identified as EvilTokens, has been found to be particularly prevalent. Experts warn that device code phishing attacks are becoming increasingly sophisticated, with attackers using realistic Software as a Service (SaaS)-themed lures, anti-bot protections, and cloud platforms for hosting.

Recommended defensive measures include:

  • Disabling the device authorization flow when not needed
  • Implementing conditional access policies on user accounts

To stay safe, users should be cautious when prompted to enter codes or authorize device access, especially if they did not initiate the request.

Preventive Measures

As the number of device code phishing attacks continues to rise, it is essential for users and organizations to remain vigilant and take proactive measures to protect themselves against these threats.


