🚨 A New Cyber Scam You Need to Know About – From Your IT Team at Deycom 🚨
Just when you think your cyber security is all locked down – BAM! – something new pops up to catch you off guard.
That’s exactly what we’re seeing now.
There’s a new scam doing the rounds, and it’s catching out businesses right here in Ireland. The worst part?
The attackers don’t even need your password.
It’s called device code phishing, and it’s a clever trick that’s becoming more and more common. Microsoft recently flagged a surge in these attacks – and we’re expecting to see even more.
Unlike typical phishing scams (which try to steal your password with fake login pages), device code phishing is sneakier.
Here’s how it works:
🔹 You get an email that looks like it’s from a colleague or HR, inviting you to a Teams meeting or asking you to log in urgently.
🔹 You click the link, and it brings you to a genuine Microsoft login page — so you think it’s safe.
🔹 You’re asked to enter a “device code” that was included in the email.
But here’s the catch: by entering that code, you’re not logging yourself in… you’re logging in the attacker on their device.
Once inside, they can read your emails, access files, and even impersonate you to trick others in your business. Because they’re using real Microsoft login flows, they can even slip past multi-factor authentication (MFA).
And changing your password? It won’t always kick them out straight away, since they may have already captured a session token to stay logged in.
What can you do to protect your business?
✅ Be extra cautious with unexpected login requests, especially those involving codes. If you receive a device code, stop and think: Did I request this? Is it from someone I trust?
✅ Double-check requests using a separate method — call the person or message them directly.
✅ Remember: Microsoft logins should never involve entering a code that someone else sends you.
✅ Ask your IT team (or us!) to review whether device code logins are necessary in your environment. If not, they should be disabled. We can also help enforce policies that only allow logins from trusted locations and devices.
At Deycom, we’re here to help keep your business secure. Our team stays on top of the latest threats so you don’t have to worry.
If you’d like to review your security setup or run a staff awareness session, get in touch with us today. Let’s make sure you’re protected against the latest tricks.