
Just when you think your cybersecurity is rock solid, bam! A new scam shows up to shake things up.
Right now, a clever trick called device code phishing is making the rounds. And it’s catching out smart, secure businesses like yours.
Here’s the scary part: No password is needed.
That’s right. This phishing scam doesn’t rely on fake login pages or tricking you into typing in your password. Instead, it uses real Microsoft login screens, the kind you trust every day.
How it works
It usually starts with an email that looks legit. Maybe it appears to be from someone in HR or a colleague, inviting you to a Microsoft Teams meeting.
You click the link and land on a genuine Microsoft login page. So far, everything looks normal.
Then you're asked to enter a device code, a short code included in the email. You’re told it’s needed to join the meeting or complete the sign-in.
But here’s the catch: entering that code logs in the attacker, not you. You’ve just given someone else access to your Microsoft account on their device.
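Even worse, this can bypass multi-factor authentication (MFA), because you complete the whole sign-in, MFA prompt included, on Microsoft's own page, and the resulting access goes to the attacker's device. Nothing about it looks fake, which makes it really hard to detect with standard security tools.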
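One way to surface these sign-ins in your own logs, as an added example that is not part of the original article: the Python below scans exported Microsoft Entra sign-in records for the device code flow and summarises them per user. The sample records, the allow-list and the function name are constructed for illustration, and the export is assumed to carry the `authenticationProtocol` field of the Microsoft Graph signIn resource.

```python
import json
from collections import defaultdict

# Constructed sample: records shaped like exported Microsoft Entra sign-in
# log entries (field names as in the Microsoft Graph signIn resource).
SAMPLE_SIGNINS = json.loads("""[
  {"createdDateTime": "2025-03-04T09:12:31Z", "userPrincipalName": "Alex@example.com", "ipAddress": "203.0.113.50",
   "appDisplayName": "Microsoft Office", "authenticationProtocol": "deviceCode", "status": {"errorCode": 0}},
  {"createdDateTime": "2025-03-04T09:40:02Z", "userPrincipalName": "alex@example.com", "ipAddress": "198.51.100.7",
   "appDisplayName": "Microsoft Teams", "authenticationProtocol": "none", "status": {"errorCode": 0}},
  {"createdDateTime": "2025-03-04T10:05:44Z", "userPrincipalName": "room-display@example.com", "ipAddress": "198.51.100.7",
   "appDisplayName": "Microsoft Teams", "authenticationProtocol": "deviceCode", "status": {"errorCode": 0}},
  {"createdDateTime": "2025-03-04T11:20:10Z", "userPrincipalName": "sam@example.com", "ipAddress": "203.0.113.50",
   "appDisplayName": "Microsoft Office", "authenticationProtocol": "deviceCode", "status": {"errorCode": 50199}},
  {"createdDateTime": "2025-03-04T11:21:55Z", "userPrincipalName": "alex@example.com", "ipAddress": "203.0.113.50",
   "appDisplayName": "Microsoft Graph", "authenticationProtocol": "deviceCode", "status": {"errorCode": 0}}
]""")

# Assumption: accounts that legitimately use a device code (shared screens,
# command-line tools) are known and listed here.
EXPECTED_DEVICE_CODE_USERS = {"room-display@example.com"}

def find_device_code_signins(records, expected_users=EXPECTED_DEVICE_CODE_USERS):
    """Summarise device-code sign-ins per user not expected to use that flow."""
    expected = {u.lower() for u in expected_users}
    findings = defaultdict(lambda: {"succeeded": 0, "failed": 0, "ips": set(),
                                    "apps": set(), "first_seen": None})
    for rec in records:
        if str(rec.get("authenticationProtocol", "")).lower() != "devicecode":
            continue  # ordinary sign-in, not the device code flow
        upn = str(rec.get("userPrincipalName") or "unknown").lower()
        if upn in expected:
            continue  # account is allowed to sign in this way
        entry = findings[upn]
        ok = (rec.get("status") or {}).get("errorCode") == 0  # 0 means success
        entry["succeeded" if ok else "failed"] += 1
        entry["ips"].add(rec.get("ipAddress"))
        entry["apps"].add(rec.get("appDisplayName"))
        ts = rec.get("createdDateTime")  # same-format ISO 8601 strings sort correctly
        if ts and (entry["first_seen"] is None or ts < entry["first_seen"]):
            entry["first_seen"] = ts
    return dict(findings)

if __name__ == "__main__":
    for upn, info in sorted(find_device_code_signins(SAMPLE_SIGNINS).items()):
        print(upn, info["succeeded"], "succeeded,", info["failed"], "failed;", sorted(info["ips"]))
```

Any user in the output with a successful device-code sign-in they cannot account for is worth following up with a session review for that account.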
What can go wrong?
Once inside, cybercriminals can:
It's like handing someone the keys to your office without realizing it.
How to protect your business
Cybersecurity isn’t just about strong passwords; it’s about staying sharp and spotting the tricks. If you’re unsure whether your defences are up to date, we’re here to help.
Let’s lock those doors before someone sneaks in. Get in touch.
Until next time, keep fit and have fun!
(TYYV) The Yada Yada Version:
Device code phishing is a new scam that tricks users into granting account access through legitimate Microsoft login pages, bypassing passwords and even MFA, just by getting them to enter a seemingly harmless code, and yada yada yada, it's just yet another scam to watch out for!
Copyright © 2025 - All Rights Reserved