Most business owners know phishing as a fake email that tries to steal a password. But newer attacks do not always need the password at all.
The FBI recently warned about a phishing service called Kali365 that targets Microsoft 365 accounts. Microsoft and security researchers have also described attacks that abuse “device code” sign-ins. In plain English, this is the same type of login flow people may see when signing into a TV, conference room device, or app that asks them to enter a short code on a Microsoft login page.
The problem is that attackers can trick an employee into entering a code that actually approves the attacker’s session.
MFA, or multi-factor authentication, is still important. It helps protect accounts by requiring something more than a password. But device-code phishing is dangerous because the employee may be signing in on a real Microsoft page and may even complete MFA correctly.
From the employee’s point of view, the request may look legitimate. They may think they are opening a shared document, voicemail, invoice, or Teams-related message. Behind the scenes, the attacker is trying to get access to the Microsoft 365 account session.
That can put email, Teams, OneDrive, SharePoint files, calendars, contacts, and customer information at risk.
For an Orlando small business, a Microsoft 365 account is often the front door to daily operations. If an attacker gets in, they may be able to:
This is why phishing is not just an “IT problem.” It can quickly become a billing problem, payroll problem, customer trust problem, and downtime problem.
Train employees to pause when they see:
The safest habit is simple: if the request is unexpected, verify it through a separate channel before signing in.
Small businesses do not need to panic, but they should tighten the basics.
Start by reviewing Microsoft 365 sign-in activity for unusual locations, devices, or patterns. Make sure admin accounts are separate from daily-use accounts. Use stronger forms of MFA where possible, such as passkeys or security keys. Review conditional access settings so risky sign-ins are blocked or challenged. Limit who can approve new apps, devices, and third-party access.
It is also smart to make sure employees know that “real Microsoft page” does not always mean “safe request.” The page can be real, but the reason they were sent there can still be fraudulent.
Himala and his team at Cybernetic Networks have been amazing. We have been a customer of Cybernetic Networks for well over 14 years now, both personally and professionally. Himala and his team are professional, reachable and on the cutting edge of technology. We have enjoyed doing business with Cybernetic Networks for many years and still rely on their knowledge, skills and technology every day
Himala and his Cybernetic team have never let me down! For over 10 years now they have been fixing my technical issues, set up all my new networks and computers and have safeguarded me from any hackers or malware. You can trust this company to navigate you as your company grows and to keep you on track with the latest in security and safety
I am a solo practicing neurologist and have had all my IT needs covered through Cybernetic Networks since 2007. They are the best! All of their tech support staff is extremely knowledgeable and efficient. Just as importantly, they are quickly responsive whenever we need their assistance. I couldn’t be happier with their service and give them my highest recommendation!
I couldn't be happier with Cybernetics - they are experts, always respond quickly , and solves any issues I have.
Cybernetic Networks has been advising and supporting all our IT issues and purchases for the last 18 years. They are very responsive and extremely knowledgeable- always providing us with timely services.
It is not often you find small business companies that are not only rewarding to work with, but also have integrity, truth and skill. I have worked with this company for over 20 years, and the service is outstanding. I can easily recommend that if you need an IT company, this is the one to get. Full STOP! Look no further, you will be happy that you did. Sue Myhelic, Gulf Breeze Real Estate, Naples, Florida.
Himala and his team from Cybernetic Networks, Inc. has been an integral part of our successful retail business for the past 20 years. He is extraordinarily knowledgable and always available for our IT needs. Thanks to Himala and his team we are always up and running.
