Security researchers report a notable increase in device code phishing activity aimed at Microsoft 365 users, and have attributed this rise to the availability of EvilTokens, a new, specialized phishing toolkit that’s being offered as-a-service via Telegram. What is device code phishing? Device code phishing is a type of attack where attackers trick users into logging into their account by using a real authentication flow, then steal their access and refresh tokens. Microsoft provides the … More →
The post EvilTokens ramps up device code phishing targeting Microsoft 365 users appeared first on Help Net Security.
http://news.poseidon-us.com/TRp6DV
