Microsoft adds consent phishing protection to Office 365 (Security News, October 2020)
Microsoft announced that consent phishing protections, including OAuth app publisher verification and app consent policies, are now generally available in Office 365.
These protections are designed to defend Office 365 users from an application-based phishing attack variant known as consent phishing.
In this type of phishing attack, targets are tricked into providing access to their Office 365 accounts by granting permissions to malicious Office 365 OAuth apps.
Microsoft warned customers in July of threat actors using Office 365 OAuth applications in consent phishing attacks as part of Business Email Compromise fraud schemes.
For more tips on how to defend against consent security threats, organizations can also review the "Detect and Remediate Illicit Consent Grants in Office 365" support document.