
A Microsoft 365 phishing campaign, dubbed DEBULL Tooling, has been caught exploiting a vulnerability in the company’s device-code flow feature to infiltrate M365 accounts between **June 24th** and **July 4th**.
The scheme, uncovered by security firm ZeroBEC, relies on tricking users into handing over sensitive info via a phishing message that masquerades as a collaboration-focused notification.
Targeting Office 365 Users
The attack specifically exploits the device-code flow feature used by Microsoft 365 for authentication. While this feature is designed to provide users with an easy, passwordless login experience, it appears DEBULL Tooling has found a way to abuse it for nefarious purposes.
As reported by ZeroBEC, the phishing messages sent out as part of this campaign are themed around Microsoft 365 collaboration features. The messages include enticing subjects like “Collaboration invitation” or “Shared document update.” However, clicking on the “device code” link within these messages leads users to a webpage that asks for their consent to share sensitive information with Microsoft.
What this means
What’s particularly concerning about this campaign is the fact that it leverages a legitimate feature of Microsoft 365. For users to avoid falling victim to such attacks, they need to remain vigilant when receiving unsolicited messages, especially those related to collaboration. Users should always verify the authenticity of such messages before proceeding.
It’s also worth noting that this incident serves as a timely reminder to double-check the links and prompts generated by Microsoft 365, especially when it comes to sensitive information. If you’re unsure about the legitimacy of a prompt, it’s always better to err on the side of caution.
Prevention is key
To prevent falling prey to similar attacks, users should stay informed about such security incidents and keep their Microsoft 365 accounts up-to-date with the latest security patches. Regularly reviewing account activity and enabling two-factor authentication (2FA) can also significantly reduce the risk of falling victim to phishing attacks.



