Security researchers report a notable increase in device code phishing activity aimed at Microsoft 365 users, and have attributed this rise to the availability of EvilTokens, a new, specialized phishing toolkit that’s being offered as-a-service via Telegram. What is device code phishing? Device code phishing is a type of attack where attackers trick users into logging into their account by using a real authentication flow, then steal their access and refresh tokens. Microsoft provides the … More
The post EvilTokens ramps up device code phishing targeting Microsoft 365 users appeared first on Help Net Security.
This article has been indexed from Help Net Security
Read the original article: