{"id":376,"date":"2025-07-07T00:05:00","date_gmt":"2025-07-07T00:05:00","guid":{"rendered":"https:\/\/www.yourtechupdates.com\/?p=3295"},"modified":"2025-07-07T00:05:00","modified_gmt":"2025-07-07T00:05:00","slug":"microsoft-criminals-can-access-accounts-without-your-password","status":"publish","type":"post","link":"https:\/\/nyetechnologysolutions.com\/?p=376","title":{"rendered":"Microsoft: Criminals can access your accounts without your password"},"content":{"rendered":"<p>Have you ever felt like just when you\u2019ve nailed your cybersecurity \u2013 BAM! \u2013 something new comes along to throw a spanner in the works?<\/p>\n<p>That\u2019s exactly what\u2019s happening right now.<\/p>\n<p>There\u2019s a new scam doing the rounds. And it\u2019s catching out businesses just like yours.<\/p>\n<p>The worst part?<\/p>\n<p>Cybercriminals don\u2019t even need your password.<\/p>\n<p>Scary\u2026<\/p>\n<p>It\u2019s called device code phishing. It\u2019s a clever trick that\u2019s becoming more and more popular. Microsoft recently flagged a wave of these attacks, and we\u2019re likely to see many more.<\/p>\n<p>This one\u2019s different to the usual phishing scams you\u2019ve probably heard about. 
Normally, phishing is all about tricking people into giving away their usernames and passwords on fake websites.<\/p>\n<p>But with device code phishing, scammers play a smarter game.<\/p>\n<p>Instead of stealing your password, they get you to voluntarily give them access to your account. And they do it using real Microsoft login pages, so it looks totally legit.<\/p>\n<p>It usually starts with a convincing email. Maybe it looks like it\u2019s from your HR person, or a colleague, inviting you to a Microsoft Teams meeting. You click the link, and it takes you to a real Microsoft login screen.<\/p>\n<p>Nothing seems out of place.<\/p>\n<p>You\u2019re asked to enter a code. Just a short one, called a \u201cdevice code.\u201d This code is supplied in the email, and you\u2019re told it\u2019s needed to join the meeting or finish logging in.<\/p>\n<p>Here\u2019s the catch: By entering that code, you\u2019re not logging yourself in\u2026 you\u2019re logging <em>them<\/em> in.<\/p>\n<p>You\u2019re unknowingly giving the attacker access to your Microsoft account on their device. And because the login goes through the proper channels, it can even bypass multi-factor authentication (MFA).<\/p>\n<p>Yep, even if you\u2019ve got extra security in place, they might still get in.<\/p>\n<p>Once they\u2019re in, they can do a lot of damage. Reading your emails, accessing your files, even using your account to trick others in your company. It\u2019s like handing over the keys to your office and you don\u2019t even realize it.<\/p>\n<p>It\u2019s dangerous because it doesn\u2019t look suspicious. You\u2019re on a real Microsoft site, not some suspicious fake. You didn\u2019t click a weird link or enter your password into a phishing form. Everything looks above board\u2026 except it\u2019s not.<\/p>\n<p>And because attackers are using legitimate Microsoft login flows, traditional security tools don\u2019t always catch it.<\/p>\n<p>Plus, once they\u2019re in, they can stay in. 
They don\u2019t need to keep logging in if they\u2019ve captured your session token (that\u2019s a sort of digital &#8220;pass&#8221; that keeps you logged in behind the scenes). So even changing your password won\u2019t necessarily kick them out right away.<\/p>\n<p>A big question then: How can you protect your business?<\/p>\n<p>Start by getting your team to be extra cautious with login requests. Especially ones that involve entering codes. If you get a device code from someone, stop and think: Did I request this? Do I know for sure this is real?<\/p>\n<p>If you\u2019re not sure, don\u2019t go through with it. Use a separate method, like a direct phone call or your company\u2019s messaging system, to double-check with the person who sent the email.<\/p>\n<p>Remember, real Microsoft logins don\u2019t involve someone else giving you a code to enter. If that ever happens, it\u2019s a red flag.<\/p>\n<p>From a technical side, your IT team (or IT provider) can also tighten things up. If your business doesn\u2019t need device code login as part of its daily operations, it\u2019s safest to turn it off altogether. They can also put in place extra security rules that only allow logins from trusted locations or devices.<\/p>\n<p>And finally, keep training your people. Good cybersecurity is about awareness. If your team knows what to look out for, they\u2019re much less likely to fall for these kinds of tricks.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Just when you think you\u2019ve got cybersecurity sorted for your business, a new scam comes along. 
This time, cybercriminals don\u2019t even need to trick you out of your password to access your accounts\u2026 they can fool you with something called a \u201cdevice code\u201d.<\/p>\n","protected":false},"author":1,"featured_media":377,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_et_pb_use_builder":"","_et_pb_old_content":"","_et_gb_content_width":"","_coblocks_attr":"","_coblocks_dimensions":"","_coblocks_responsive_height":"","_coblocks_accordion_ie_support":"","footnotes":""},"categories":[5],"tags":[],"class_list":["post-376","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-information"],"_links":{"self":[{"href":"https:\/\/nyetechnologysolutions.com\/index.php?rest_route=\/wp\/v2\/posts\/376","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nyetechnologysolutions.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nyetechnologysolutions.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nyetechnologysolutions.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/nyetechnologysolutions.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=376"}],"version-history":[{"count":0,"href":"https:\/\/nyetechnologysolutions.com\/index.php?rest_route=\/wp\/v2\/posts\/376\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/nyetechnologysolutions.com\/index.php?rest_route=\/wp\/v2\/media\/377"}],"wp:attachment":[{"href":"https:\/\/nyetechnologysolutions.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=376"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nyetechnologysolutions.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=376"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nyetechnologysolutions.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=376"}],"curies":[{"name":"wp","hr
ef":"https:\/\/api.w.org\/{rel}","templated":true}]}}