AI-Powered Phishing Attacks Exploit Microsoft Device Code Login

Thumbnail Image

The information displayed in the AIM should not be reported as representing the official views of the OECD or of its member countries.

Attackers are using the AI-driven EvilTokens phishing-as-a-service platform to automate device code phishing attacks targeting Microsoft Azure users. By leveraging AI and social engineering, they bypass multi-factor authentication on official Microsoft login pages, leading to account takeovers and data breaches. The attacks are notably more effective against Microsoft than Google environments.[AI generated]

Why's our monitor labelling this an incident or hazard?

The event involves the use of AI-powered automated tools in phishing attacks that have directly caused harm by enabling attackers to bypass security measures and take over accounts, leading to data theft and potential further malicious activities. The article details realized harms including account compromise, data access, and potential ransomware deployment, all stemming from AI-assisted phishing. Hence, it meets the criteria for an AI Incident due to direct harm caused by AI system use in the attack.[AI generated]
AI principles
Privacy & data governanceRobustness & digital security
Industries
Digital securityIT infrastructure and hosting
Affected stakeholders
ConsumersBusiness
Harm types
Economic/PropertyReputationalHuman or fundamental rights
Severity
AI incident
Business function:
Other
AI system task:
Content generation

Articles about this incident or hazard

Thumbnail Image

別再只看網址!微軟官方登入頁面竟也可能成為釣魚陷阱

2026-06-16
Yahoo News (Taiwan)
Why's our monitor labelling this an incident or hazard?
The event involves the use of AI-powered automated tools in phishing attacks that have directly caused harm by enabling attackers to bypass security measures and take over accounts, leading to data theft and potential further malicious activities. The article details realized harms including account compromise, data access, and potential ransomware deployment, all stemming from AI-assisted phishing. Hence, it meets the criteria for an AI Incident due to direct harm caused by AI system use in the attack.
Thumbnail Image

別再只看網址!微軟官方登入頁面竟也可能成為釣魚陷阱

2026-06-16
自由時報電子報
Why's our monitor labelling this an incident or hazard?
The article explicitly mentions the use of AI combined with automated tools by attackers to conduct phishing attacks that result in account takeover and data breaches. The AI system's involvement in the attack's use phase directly leads to harm to organizations and individuals by enabling unauthorized access and potential further cyberattacks. This fits the definition of an AI Incident because the AI system's use has directly led to harm (violation of rights, harm to property and communities through data breaches and potential ransomware).
Thumbnail Image

假ChatGPT付款通知破10萬封!微軟警告:點連結恐遭盜刷 | LIFE生活網

2026-06-16
LIFE 生活網
Why's our monitor labelling this an incident or hazard?
The event involves AI systems only as impersonated brands in phishing scams, not as AI systems causing harm through their operation or malfunction. The harm is caused by malicious actors using AI service names to deceive users, which is a misuse of AI branding rather than an AI system malfunction or misuse. Therefore, this is best classified as Complementary Information because it provides a security warning and context about AI-related phishing threats and recommended responses, rather than describing a direct AI Incident or AI Hazard.