Microsoft warns organizations of consent phishing attacks (Security News, July 2020)
In this type of phishing campaign, attackers trick people into giving a malicious app consent to access sensitive data, says Microsoft.
A more specialized type of campaign known as consent phishing aims to grab sensitive data not by snagging your password but by tricking you into giving the necessary permissions to a malicious app.
Further, Microsoft is trying to better secure its application ecosystems by allowing customers to set policies on the types of apps to which users can give certain consent.
To help protect against consent phishing campaigns, Microsoft offers advice for individuals and organizations.
Attackers like to spoof app names so that a consent request appears to come from a legitimate application or company but actually drives you to consent to a malicious app.