Microsoft: Criminals can access your accounts without your password
June 8, 2022
|
4
min read
Highlights
Cyber criminals are always looking for new ways to access your accounts. And now they’ve found a way that means they don’t even need your password. Beware this one…
Think Your Cyber Security Is Locked Down? Think Again.
Just when you feel confident about your cyber security setup, a new threat emerges to shake things up.
Right now, a fresh scam is making the rounds—and it’s catching out businesses like yours. The most alarming part? Cyber criminals don’t even need your password to break in.
It’s called device code phishing, and it’s gaining traction fast. Microsoft has already flagged a surge in these attacks, and more are expected.
Unlike traditional phishing—where attackers trick you into entering your credentials on fake websites—this method is far more cunning.
How It Works
Attackers send a convincing email, often posing as someone from HR or a colleague, inviting you to a Microsoft Teams meeting. You click the link and land on a genuine Microsoft login page. Everything looks normal.
Then you’re asked to enter a short “device code” provided in the email. It seems routine.
But here’s the twist: by entering that code, you’re not logging yourself in—you’re logging the attacker into your account. And because the login uses legitimate Microsoft infrastructure, it can even bypass multi-factor authentication.
Once inside, attackers can:
- Read your emails
- Access sensitive files
- Impersonate you to deceive others
It’s like handing over your office keys without realising it.
Why It’s So Dangerous
- You’re on a real Microsoft site—not a dodgy clone.
- You didn’t enter your password into a suspicious form.
- Everything looks above board… but it’s not.
Even worse, traditional security tools may not detect this. And if the attacker captures your session token, changing your password won’t necessarily kick them out.
How to Stay Safe
- Pause before entering any code: Ask yourself—did I request this? Is it from a trusted source?
- Verify requests: Use a separate channel (like a phone call or internal messaging) to confirm legitimacy.
- Know the signs: Real Microsoft logins don’t involve someone else giving you a code to enter.
- Disable device code login: If your business doesn’t use it, your IT team should consider turning it off.
- Train your team: Awareness is your best defence. The more your people know, the safer your business will be.
Need help reviewing your security setup or training your team? Let’s talk
Tell us about yourself so we can serve you best.
Got a question?
More articles
For many landlords and building managers, the word “wayleave” feels like the responsible route whenever a fibre circuit is being installed on their property. It sounds formal and safe – a neat legal box to tick.
In many cases, however, a wayleave adds unnecessary complexity and delays, frustrates tenants, and can expose landlords to long-term legal risks.
At Vorboss, we’ve connected thousands of office spaces across London without a wayleave, keeping landlords in full control and getting tenants online faster.
What is a wayleave?
A wayleave is a written agreement between a landowner and a telecoms operator. It gives the operator permission to install and keep equipment on private property.
What many people don’t realise is that signing a wayleave also activates “Code rights” under the Electronic Communications Code. These rights go beyond simple permission, they give the operator legal powers to stay on the property indefinitely, access it when needed, and even refuse removal of their equipment in certain situations.
For a typical connection into a commercial building in London, a wayleave can make the fibre installation process slower, more expensive, and limit the landlord’s flexibility long term.
Why a wayleave isn’t required for standard in-building fibre connections
For a standard in-building fibre connection serving a tenant, a wayleave isn’t a legal requirement. Important protections, like building access, fire safety, repairing any damage, and removing equipment, are already covered by the tenant’s lease and usual building rules.
If no wayleave is signed, no Code rights are triggered, meaning the landlord retains full control and the installation exists under a simple, fully revocable licence.
In practice, this gives landlords far more protection and flexibility:
- No legal lock-in – the telecoms operator has no long-term rights to stay or refuse removal.
- Landlords keep full control – equipment can be moved or removed when the building changes.
- Faster fibre installation – no time lost in drafting contracts or solicitor reviews.
- Happier tenants – connections go live quicker; tenants get to move in faster.
By contrast, signing a wayleave and granting Code rights introduces a complex and expensive legal process for any fibre removal or relocation. This can take at least 18 months, plus potential court or tribunal proceedings, making it slower, and far less flexible for the landlord.
Public services across central London are evolving, and the City of London Corporation is leading the way.
Whether you work, live or study in the Square Mile, you’ll soon feel the difference that faster, more dependable connectivity brings.
What is the Future Network Programme?
The City of London Corporation is rolling out the Future Network Programme, a major project to modernise its entire digital infrastructure and bring everything under one unified network.
From offices and schools to iconic green spaces like Hampstead Heath, cultural destinations like the Barbican, and historic markets such as Leadenhall and Old Spitalfields, this upgrade will mean more reliable connectivity across the City’s buildings and public spaces.
It also extends to essential services, including critical sites run by the City of London Police. This enhanced connectivity will support everything from secure communication systems to faster, more resilient networks for emergency operations.
Leading this transformation is Roc Technologies, supported by Juniper Networks and Palo Alto Networks; all powered by the Vorboss fibre network. Together, we’re bringing the City onto a modern digital foundation that’s ready to support its future.
Who the Future Network Programme benefits and how?
The programme is designed for everyone who depends on public services in the Square Mile:
- Students in City-run schools will have fast, reliable connectivity to fully access digital learning tools.
- Public-sector teams will experience smoother hybrid working, better access to online platforms, and more efficient collaboration across locations.
- Residents and visitors will see improvements in public Wi-Fi, digital services, and online access in libraries, community hubs, and other shared spaces.
- The City of London Police will gain a more secure, faster and resilient network that enhances CCTV reliability and enables more effective frontline operations.
.avif)
.avif)
