Device Code Phishing Surges 37x Amidst Spreading Attack Kits

Cybercriminals are increasingly leveraging device code phishing tactics, with a staggering 37-fold increase observed in such attacks. This surge is directly linked to the proliferation of new, sophisticated phishing kits readily available online. These kits streamline the creation and deployment of deceptive login pages, often mimicking legitimate services, to trick users into divulging sensitive authentication codes.

The attackers exploit the trust users place in multi-factor authentication (MFA) by prompting them to enter one-time passcodes (OTPs) or device verification codes directly into fake input fields. Once obtained, these codes bypass MFA protections, granting attackers unauthorized access to user accounts. The ease with which these kits can be acquired and utilized lowers the barrier to entry for malicious actors, contributing to the widespread nature of this threat.

What This Means For You

  • Security teams should prioritize implementing and rigorously testing out-of-band authentication methods or push notifications that require explicit user approval on a trusted device, rather than relying solely on one-time passcodes entered on the potentially compromised device.
