Fraud | HIGH

Device Code Phishing - Attacks Surge 37 Times in 2026

Source: BleepingComputer
Tags: OAuth, EvilTokens, Phishing-as-a-Service, Phishing Kit, Push Security

Basically, hackers are tricking people into entering attacker-supplied codes that give the attackers access to their accounts.

Quick Summary

Device code phishing attacks have skyrocketed this year, with a 37x increase. Users of IoT and streaming devices are particularly at risk. New phishing kits like EvilTokens are making these attacks easier for cybercriminals. Stay alert and protect your accounts.

What Happened

Device code phishing attacks have seen a staggering increase of 37 times this year. These attacks abuse the OAuth 2.0 Device Authorization Grant flow: cybercriminals hijack user accounts by tricking victims into entering attacker-generated codes on legitimate login pages.

In this scheme, attackers send a device authorization request to a service provider, receive a code, and then convince the victim to enter this code on the provider's legitimate login page. Once the victim does this, the provider issues valid tokens to the attacker, who uses them to access the account.

Who's Affected

This surge affects a wide range of users, particularly those using devices with limited input options, such as IoT devices, smart TVs, and streaming devices. As more people connect these devices to their accounts, the risk of falling victim to these phishing attacks increases.

What Data Was Exposed

While specific data breaches from these attacks may vary, the potential for unauthorized access to sensitive personal information is significant. Victims may unknowingly grant attackers access to their accounts, leading to further exploitation of personal data.

The Threat

Researchers at Push Security have noted that the increase in device code phishing is largely due to the emergence of phishing kits like EvilTokens. This kit has made it easier for low-skilled cybercriminals to launch sophisticated attacks. The research highlighted a 15x increase in phishing pages detected in early March, which has now escalated to 37.5x.

Tactics & Techniques

The EvilTokens kit is a prime example of how these attacks have been democratized. Other kits like VENOM, SHAREFILE, and CLURE are also gaining traction, offering various methods to exploit device code flows. These kits use realistic lures and anti-bot protections to increase their effectiveness.

Defensive Measures

To protect against device code phishing attacks, users are advised to:

  • Disable the OAuth device code flow when it is not needed by setting conditional access policies.
  • Monitor logs for any unexpected device code authentication events or unusual IP addresses.
  • Stay informed about the latest phishing techniques and be cautious about entering codes received via unsolicited requests.
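
One way to act on the log-monitoring advice above, as an added example that is not from the original article: the script scans sign-in events for device code authentications by accounts not expected to use the flow, or from addresses outside trusted networks. The log schema, field names, account allowlist and network range are assumptions, and the sample events are constructed.

```python
import ipaddress
import json

# Constructed sample sign-in events (not real logs). The field names are
# assumptions; map them to the schema your identity provider exports.
SAMPLE_LOG = """
{"time":"2026-03-02T08:01:00Z","user":"alice@example.com","protocol":"password","ip":"198.51.100.10","result":"success"}
{"time":"2026-03-02T08:05:00Z","user":"tv-lobby@example.com","protocol":"deviceCode","ip":"198.51.100.20","result":"success"}
{"time":"2026-03-02T09:12:00Z","user":"alice@example.com","protocol":"deviceCode","ip":"203.0.113.77","result":"success"}
{"time":"2026-03-02T09:30:00Z","user":"bob@example.com","protocol":"deviceCode","ip":"198.51.100.33","result":"failure"}
{"time":"2026-03-02T10:00:00Z","user":"tv-lobby@example.com","protocol":"deviceCode","ip":"192.0.2.5","result":"success"}
"""

# Hypothetical policy inputs: accounts expected to use the device code flow
# and the networks those sign-ins should originate from.
EXPECTED_DEVICE_CODE_USERS = {"tv-lobby@example.com"}
TRUSTED_NETWORKS = [ipaddress.ip_network("198.51.100.0/24")]


def is_trusted(ip):
    """True if ip parses and falls inside a trusted network."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False  # missing or malformed address is treated as untrusted
    return any(addr in net for net in TRUSTED_NETWORKS)


def find_suspicious(log_text):
    """Return (time, user, ip, reasons) for device code sign-ins worth triage."""
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed lines instead of aborting the scan
        if not isinstance(event, dict) or event.get("protocol") != "deviceCode":
            continue
        reasons = []
        if event.get("user") not in EXPECTED_DEVICE_CODE_USERS:
            reasons.append("unexpected-user")
        if not is_trusted(event.get("ip", "")):
            reasons.append("unusual-ip")
        if reasons:
            alerts.append((event.get("time"), event.get("user"), event.get("ip"), reasons))
    return alerts
```

Failed attempts are reported as well as successful ones, since a device code sign-in by an account that never uses the flow is worth a look either way.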

Conclusion

The rise in device code phishing attacks represents a significant threat to users and their data security. As cybercriminals continue to refine their tactics and tools, it is crucial for individuals and organizations to remain vigilant and proactive in their defense strategies.

Pro insight: The rapid proliferation of phishing kits like EvilTokens indicates a shift towards more accessible cybercrime tactics, necessitating enhanced user awareness and security measures.

Original article from BleepingComputer · Bill Toulas
