Security News > 2020 > July > Microsoft warns organizations of consent phishing attacks

In this type of phishing campaign, attackers trick people into giving a malicious app consent to access sensitive data, says Microsoft.
A more specialized type of campaign known as consent phishing aims to grab sensitive data not by snagging your password but by tricking you into giving the necessary permissions to a malicious app.
Further, Microsoft is trying to better secure its application ecosystems by allowing customers to set policies on the types of apps to which users can give certain consent.
To help protect against consent phishing campaigns, Microsoft offers advice for individuals and organizations.
Attackers like to spoof app names so that a consent request appears to come from a legitimate application or company, when it actually drives you to consent to a malicious app.