Howard Resource Group · Dawsonville, GA
Security

The FBI's Microsoft 365 Warning — the 'Device Code' Scam That Beats MFA

The FBI has put out a warning about a phishing scam hitting Microsoft 365, Outlook, and Teams users — and what makes it nasty is that it can get around multi-factor authentication. If you run a business on Microsoft 365, this is one to understand.

How the scam works

It's called "device code" phishing. You get an email — often dressed up as a Teams invite, an IT request, or a meeting link. It tells you to go to a real Microsoft login page (the genuine one) and enter a short code it provides.

Here's the trick: that page is legitimate. But the code you're entering doesn't log you in — it authorizes the attacker's device to sign into your account. You're handing them the keys yourself, on a real Microsoft page.

Why MFA doesn't save you

Normally, multi-factor authentication stops a stranger who has your password. But in this scam you are the one approving the sign-in — so the MFA prompt passes, because from Microsoft's view it's a legitimate, approved login. That's exactly why the FBI flagged it: people who did "everything right" with security can still get caught.

The one rule that stops it

Never enter a device code you didn't personally generate. A real device-code login only happens when you start it — signing into a new app on your TV, a game console, a printer. If an email hands you a code and tells you to type it into a Microsoft page, stop. That's the scam, every time.
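The rule above is for the person reading the email. For a business tenant, the administrator can also take the decision out of users' hands by refusing device-code sign-ins altogether. The following is an added example, not code from the original post: a Conditional Access policy, created with the Microsoft Graph PowerShell SDK, that targets the device code flow and blocks it. It assumes the Microsoft.Graph module is installed and the account running it holds the Conditional Access Administrator role; the policy name and the break-glass account ID are placeholders. It is created in report-only mode first so you can see in the sign-in log which printers, TVs or CLI tools legitimately use device codes before enforcing it.

```powershell
# Added example (not from the original post): block the device code sign-in flow
# tenant-wide with Conditional Access. Assumes the Microsoft.Graph PowerShell SDK
# and the Conditional Access Administrator role.
Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess','Policy.Read.All'

$policy = @{
    displayName = 'Block device code flow (report-only)'   # placeholder name
    # Report-only first; change to 'enabled' after reviewing the sign-in log for
    # legitimate device-code users (printers, smart TVs, some CLI tools).
    state       = 'enabledForReportingButNotEnforced'
    conditions  = @{
        users = @{
            includeUsers = @('All')
            # Always exclude the emergency-access account so admins cannot lock
            # themselves out. Placeholder object ID.
            excludeUsers = @('<break-glass-account-object-id>')
        }
        applications = @{ includeApplications = @('All') }
        # The authentication-flows condition matches sign-ins that use the device
        # code flow, which is exactly what a phished code completes.
        authenticationFlows = @{ transferMethods = 'deviceCodeFlow' }
    }
    grantControls = @{
        operator        = 'OR'
        builtInControls = @('block')
    }
}

New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
```

Once the report-only results show no legitimate device-code sign-ins (or the few that exist are moved to an excluded group), switch the policy state to `enabled`. From then on a phished code fails at Microsoft's side even if a user types it in.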

What to do if you already entered one

  1. Sign out everywhere. In your Microsoft account security settings, revoke active sessions and sign out of all devices.
  2. Change your password immediately, from a device you trust.
  3. Check your mailbox rules. Attackers often add hidden forwarding or filtering rules to cover their tracks — delete anything you didn't create.
  4. Tell your IT person or us, especially for a business account — we'll lock it down and check what was accessed.
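For a business account, steps 1 through 4 are usually carried out by the administrator rather than from the user's own settings page. The script below is an added example, not code from the original post, showing the admin-side version of the same four steps with the Microsoft Graph PowerShell SDK and Exchange Online PowerShell. It assumes the Microsoft.Graph (including the beta module, which exposes the sign-in's authentication protocol) and ExchangeOnlineManagement modules are installed and the admin holds the matching roles; `$User` is a placeholder for the affected account, and the rule name passed to `Remove-InboxRule` is left for you to fill in from the listing.

```powershell
# Added example (not from the original post): admin response to a device-code
# phish on a Microsoft 365 account. $User is a placeholder for the affected mailbox.
$User = 'user@example.com'

Connect-MgGraph -Scopes 'User.ReadWrite.All','AuditLog.Read.All','Directory.Read.All'
Connect-ExchangeOnline

# Step 1: sign out everywhere. Revoking the account's refresh tokens invalidates the
# attacker's session along with everyone else's; every device must sign in again.
Revoke-MgUserSignInSession -UserId $User

# Step 2: the user picks a new password from a trusted device. Forcing a change at
# next sign-in guarantees that happens before the account is usable again.
Update-MgUser -UserId $User -PasswordProfile @{ ForceChangePasswordNextSignIn = $true }

# Step 3: mailbox rules. List any inbox rule that forwards, redirects or deletes
# mail, plus mailbox-level forwarding, then remove what the user did not create.
Get-InboxRule -Mailbox $User |
    Where-Object { $_.ForwardTo -or $_.ForwardAsAttachmentTo -or $_.RedirectTo -or $_.DeleteMessage } |
    Format-List Name, Enabled, ForwardTo, ForwardAsAttachmentTo, RedirectTo, DeleteMessage, MoveToFolder
Get-Mailbox -Identity $User |
    Format-List ForwardingAddress, ForwardingSmtpAddress, DeliverToMailboxAndForward
# Remove-InboxRule -Mailbox $User -Identity '<rule name from the listing above>'
# Set-Mailbox -Identity $User -ForwardingSmtpAddress $null -DeliverToMailboxAndForward $false

# Step 4: check what was accessed. Pull the last 30 days of sign-ins and keep the ones
# that used the device code protocol; the app, IP and country show where the
# attacker's "device" really was. AuthenticationProtocol comes from the beta
# sign-in endpoint (assumption: Microsoft.Graph.Beta is installed).
$since = (Get-Date).AddDays(-30).ToUniversalTime().ToString('yyyy-MM-ddTHH:mm:ssZ')
Get-MgBetaAuditLogSignIn -Filter "userPrincipalName eq '$User' and createdDateTime ge $since" -All |
    Where-Object { $_.AuthenticationProtocol -eq 'deviceCode' } |
    Select-Object CreatedDateTime, AppDisplayName, IPAddress,
                  @{ n = 'Country'; e = { $_.Location.CountryOrRegion } },
                  @{ n = 'ErrorCode'; e = { $_.Status.ErrorCode } }

# Mailbox auditing records which messages were read; pair its timestamps with the
# device-code sign-ins above to see what the attacker actually opened.
Search-UnifiedAuditLog -UserIds $User -Operations MailItemsAccessed `
    -StartDate (Get-Date).AddDays(-30) -EndDate (Get-Date) -ResultSize 1000 |
    Select-Object CreationDate, Operations, ClientIP
```

Run the sign-in query before revoking sessions if you want the attacker's session to still appear as active in the portal, but do not delay step 1 for it: the log entries stay regardless of whether the token has been revoked.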

If you run a business on Microsoft 365 and want it actually secured against this kind of thing, that's part of what we do. We're in Dawsonville and serve all of North Georgia — (706) 203-2563.
