# Device code phishing attacks surge 3,700% as criminal kits proliferate

_Saturday, April 4, 2026 at 6:25 PM EDT · Cybersecurity · Latest · Tier 1 — Major_

![Device code phishing attacks surge 3,700% as criminal kits proliferate — Primary](https://www.bleepstatic.com/content/hl-images/2024/05/13/Phishing.jpg)

Attacks exploiting the OAuth 2.0 Device Authorization Grant flow have increased more than 37 times this year as automated phishing kits lower barriers to entry for cybercriminals, security researchers report. The technique bypasses traditional phishing defenses by targeting the device code authentication process used for smart TVs, printers, and other input-constrained devices. Once attackers obtain a device code through social engineering, they can hijack accounts without capturing passwords or bypassing multi-factor authentication. The surge reflects a broader pattern of attackers migrating to authentication protocol weaknesses as direct credential theft becomes more difficult. Security teams are being advised to monitor for anomalous device code requests and implement additional verification steps for device-based authentication workflows.

## Sources

- [BleepingComputer](https://www.bleepingcomputer.com/news/security/device-code-phishing-attacks-surge-37x-as-new-kits-spread-online/)

---
Canonical: https://techandbusiness.org/newswire/hT0mDZ4YgKEt45ltCYzK74
Retrieved: 2026-04-22T03:38:05.503Z
Publisher: Tech & Business (techandbusiness.org)