Security News > 2020 > July > Microsoft warns organizations of consent phishing attacks
In this type of phishing campaign, attackers trick people into giving a malicious app consent to access sensitive data, says Microsoft.
A more specialized type of campaign known as consent phishing aims to grab sensitive data not by snagging your password but by tricking you into giving the necessary permissions to a malicious app.
Further, Microsoft is trying to better secure its application ecosystems by allowing customers to set policies on the types of apps to which users can give certain consent.
To help protect against consent phishing campaigns, Microsoft offers advice for individuals and organizations.
Attackers like to spoof app names that make it appear to come from legitimate applications or companies but drive you to consent to a malicious app.
News URL
Related news
- DOJ, Microsoft seize 107 domains used in Russia's Star Blizzard phishing attacks (source)
- Microsoft and DOJ disrupt Russian FSB hackers' attack infrastructure (source)
- Microsoft issues 117 patches – some for flaws already under attack (source)
- Microsoft Detects Growing Use of File Hosting Services in Business Email Compromise Attacks (source)
- GitHub, Telegram Bots, and ASCII QR Codes Abused in New Wave of Phishing Attacks (source)
- Astaroth Banking Malware Resurfaces in Brazil via Spear-Phishing Attack (source)
- Microsoft: Ransomware Attacks Growing More Dangerous, Complex (source)
- Midnight Blizzard Escalates Spear-Phishing Attacks On Over 100 Organizations (source)
- Windows infected with backdoored Linux VMs in new phishing attacks (source)
- VEILDrive Attack Exploits Microsoft Services to Evade Detection and Distribute Malware (source)