Microsoft 365 Phishing Scam Spreads Across Five Countries
Cybersecurity experts are warning of a widespread email scam targeting Microsoft 365 accounts across more than 340 organizations in the U.S., Canada, Australia, New Zealand, and Germany. First spotted on February 19, 2026, the campaign has been rapidly spreading.
How it works:
- Attackers send convincing fake emails to trick users.
- Victims are directed to pages that appear to be official Microsoft login screens, where they are asked to enter a code.
- Once entered, these codes give the attackers ongoing access to accounts—even if passwords are changed.
Industries affected include construction, healthcare, legal services, finance, real estate, and government.
Experts say the scam is particularly dangerous because it uses real Microsoft login systems, making it hard to spot. Organizations and individuals are advised to take precautions.
How to Protect Yourself and Your Organization:
- Check for suspicious logins in your Microsoft 365 account activity.
- Revoke any access tokens or refresh tokens if a compromise is suspected.
- Be cautious with emails asking you to enter codes or click links, even if they look official.
- Enable multi-factor authentication (MFA) and monitor alerts.
- Block logins from suspicious IP addresses if possible.
- Educate employees about phishing scams and how to recognize fake messages.
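As an added example (not part of the original report), the "check for suspicious logins" step can be scripted against an exported sign-in log: the code-entry technique described above is the device code sign-in flow named in the source URL, so the check looks for completed device-code sign-ins from IP addresses a user has never signed in from otherwise. The record layout, the field names (modelled on the Microsoft Graph signIn resource and flattened) and all sample values are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample records (not real data). Field names are modelled on the
# Microsoft Graph signIn resource, flattened for brevity; this layout is an
# assumption. errorCode 0 means success; 1 is a constructed stand-in for failure.
SAMPLE_SIGNINS = [
    {"createdDateTime": "2026-02-17T08:01:00Z", "userPrincipalName": "ana@example.com",
     "ipAddress": "198.51.100.10", "authenticationProtocol": "none", "errorCode": 0},
    {"createdDateTime": "2026-02-17T08:30:00Z", "userPrincipalName": "bob@example.com",
     "ipAddress": "198.51.100.20", "authenticationProtocol": "none", "errorCode": 0},
    {"createdDateTime": "2026-02-18T10:00:00Z", "userPrincipalName": "bob@example.com",
     "ipAddress": "198.51.100.20", "authenticationProtocol": "deviceCode", "errorCode": 0},
    {"createdDateTime": "2026-02-19T09:15:00Z", "userPrincipalName": "ana@example.com",
     "ipAddress": "203.0.113.77", "authenticationProtocol": "deviceCode", "errorCode": 0},
    {"createdDateTime": "2026-02-19T09:20:00Z", "userPrincipalName": "carl@example.com",
     "ipAddress": "203.0.113.77", "authenticationProtocol": "deviceCode", "errorCode": 1},
]


def flag_device_code_signins(records):
    """Return (user, ip, time) for successful device-code sign-ins from an IP
    the same user has never used in a successful non-device-code sign-in."""
    baseline = defaultdict(set)
    for r in records:
        if r["authenticationProtocol"] != "deviceCode" and r["errorCode"] == 0:
            baseline[r["userPrincipalName"]].add(r["ipAddress"])

    findings = []
    for r in sorted(records, key=lambda rec: rec["createdDateTime"]):
        if r["authenticationProtocol"] != "deviceCode" or r["errorCode"] != 0:
            continue  # only completed device-code sign-ins hand out tokens
        user, ip = r["userPrincipalName"], r["ipAddress"]
        if ip not in baseline.get(user, set()):
            findings.append((user, ip, r["createdDateTime"]))
    return findings


if __name__ == "__main__":
    for user, ip, when in flag_device_code_signins(SAMPLE_SIGNINS):
        print(f"REVIEW {when} {user} device-code sign-in from unfamiliar IP {ip}")
```

Each flagged account is a candidate for the token revocation step in the list above, since changing the password alone does not end the attacker's access.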
This campaign shows how sophisticated cyber scams have become. Everyone should stay vigilant and double-check emails before entering any login information.
Source: https://thehackernews.com/2026/03/device-code-phishing-hits-340-microsoft.html