Device Code Phishing Attacks

Attackers are using a new phishing technique that exploits OAuth2 Device Authorization Grant (a protocol that lets devices log in by directing users to a website to authorize access) to trick users into granting them access to data, especially as organizations adopt passwordless authentication methods like hardware tokens. The attack begins when an attacker initiates a device code flow by sending a request to a service provider's device code endpoint, such as Microsoft's Azure AD (active directory, a system that manages user identities and permissions).