
Madrid, 26 May 2026.- Prosegur Cybersecurity, Prosegur Security's specialized cybersecurity unit, has detected a notable increase in device code phishing, which is hitting companies and organizations across a range of sectors. Based on the misuse of legitimate access codes, this form of digital fraud has increased 37-fold between 2024 and 2026, driven by techniques that find loopholes in corporate authentication systems.

Unlike traditional phishing, this approach stands out for its 'zero footprint' nature. The attackers do not use malicious files or fraudulent links that can be blocked by conventional antivirus. Instead, they employ a strategy focused on convincing the user to enter a legitimate code on a seemingly official page. This opens the door to the corporate account, a process that is carried out entirely through in-house services that bypass most organizations’ protection systems.

Persistence and automation, the pillars of the attack

Prosegur Cybersecurity's analysis highlights two critical factors: prolonged persistence and advanced automation. Once the attacker obtains authorization, they can maintain access for weeks or even months, thanks to permissions that make it possible to reactivate sessions without user intervention, even if the organization changes passwords. Added to this is a level of automation that accelerates intrusion: attackers use processes capable of checking emails, extracting documents and creating permanent internal access in a matter of seconds by modifying email rules or registering new applications within the corporate environment.

This dual approach, durable access and high-speed execution, creates a uniquely difficult threat for security teams to detect and contain.

Strengthening protection strategy

Prosegur Cybersecurity warns that this type of threat forces organizations to rethink their protection strategy. Security can no longer rely solely on passwords or malicious file detection and instead must focus on continuous monitoring of authentication protocols, permissions and digital identity health.

The company insists on the need to review access configurations, monitor the creation of new internal applications, audit the permissions granted to connected services and establish response procedures that allow access permissions to be completely revoked. It also considers it essential to install mechanisms that allow identification and removal of fraudulent emails in all corporate mailboxes to prevent them spreading.

As Carlos A. Fernández, director of the xMDR division of Prosegur Cybersecurity, explains: "Rather than trying to breach systems, this approach takes advantage of users’ trust and authentication services. It is a profound change in the way companies are attacked and forces us to strengthen surveillance of digital identity. Understanding how this technique works and its increased use allows us to anticipate and help organizations protect against a threat that is already active and will continue to evolve."