Report: Device Code Phishing Is Surging
KnowBe4, Thursday, June 25th, 2026
KnowBe4 reports a sharp rise in device code phishing attacks abusing OAuth device authorization flows.
Published June 25, 2026, this KnowBe4 post highlights a surge in device code phishing, where attackers abuse the OAuth device authorization flow to hijack accounts.
Victims are tricked into entering attacker-generated codes, granting access without stealing passwords.
The post explains why these attacks bypass some traditional defenses and target enterprise identity systems. KnowBe4 recommends user education and monitoring to counter the trend.