Device Code Phishing is a cyberattack method where attackers exploit authentication flows, particularly those using device codes for login (such as OAuth device authorization). In this technique, attackers trick users into entering a device code - provided by the attacker - on a legitimate authentication page. Once the victim submits the code, the attacker gains access to the victim’s account or resources, bypassing traditional credential-based security. This phishing method is increasingly used against services that support device code authentication, making it critical for users to verify the source of any device code requests and to never enter codes unless they originate from trusted applications or devices.