Cybercriminals have come up with a new way to scam you by using device codes, which are numeric codes that allow you to log into the same account using multiple devices.
You may have used these codes in the past. If you’ve ever attempted to log in to a streaming service such as Netflix from your TV, your TV will display a numeric code that you can enter on your phone. Once you enter the code on your phone, your TV will be automatically logged in to your Netflix account, without needing to log in each time you watch. In this scam, you receive an email or text message with a device code.
The message instructs you to click a link and log in using the code. However, the message you received was actually sent by a cybercriminal. They attempt to log in to your account, which generates the device code. They send the code to you, and if you use it to log in, the cybercriminal will gain control of your account. This code allows them to access your private information from their device. In this situation, the device code allows logins from multiple devices, but one of them belongs to a cybercriminal.
Follow these tips to avoid falling victim to a device code phishing scam:
Never attempt to log in with a device code you did not request. Remember, a genuine device code will only be sent to you if you start the login process.
Use multi-factor authentication (MFA) on your accounts. MFA requires you to provide extra identification when logging in, and it can help you keep your account more secure.
If you receive any suspicious messages, always report them by following your organization’s reporting process.
A vigilant workforce is the most effective defense against these attacks. Reach out to access training and simulations that empower your team to recognize and respond to attacks like this one.
