Microsoft warns organizations of consent phishing attacks (Security News, July 2020)

In this type of phishing campaign, attackers trick people into giving a malicious app consent to access sensitive data, says Microsoft.
A more specialized type of campaign known as consent phishing aims to grab sensitive data not by snagging your password but by tricking you into giving the necessary permissions to a malicious app.
Further, Microsoft is trying to better secure its application ecosystems by allowing customers to set policies on the types of apps to which users can give certain consent.
To help protect against consent phishing campaigns, Microsoft offers advice for individuals and organizations.
Attackers like to spoof app names so that the request appears to come from a legitimate application or company, while actually driving you to consent to a malicious app.