What is Device Code Phishing?
Device code phishing doesn’t hack its way in. It uses a legitimate authentication flow to walk right through the front door, with no password required, MFA bypassed, and session tokens handed straight to the attacker. The Huntress Security Operations Center (SOC) caught it hitting more than 340 organizations in a matter of weeks and immediately cut off the attackers’ access across every partner environment they could reach.
Shady? Absolutely. Rare? Not even close. Hit play to see exactly how it works and better defend your identities.
“Identity used to be about passwords and MFA. In the cloud, it’s sessions, tokens, and apps — and that’s where most teams are behind.”
– Jenko Hwong, Principal Product Researcher, Identity Threat Detection and Response (ITDR)
[PH] Learn More About Phishing
[PH] Huntress delivers everything you want from a security tool, all designed with the unique needs of outsourced IT and security teams in mind.
[PH] Phishing attempts can show up as messages from your bank, your boss, your utility providers, or even the government. One click from one user can compromise an entire network and inadvertently let hackers deploy ransomware, steal information, or worse.
[PH] The median time it takes for a user to click a link and enter information is less than 60 seconds. With a turnaround time that quick, it's no wonder phishing is one of the preferred methods used by hackers. (2024 Verizon Data Breach Report)
