Security News > 2020 > October > Microsoft adds consent phishing protection to Office 365
Microsoft announced that consent phishing protections including OAuth app publisher verification and app consent policies are now generally available in Office 365.
These protections are designed to defend Office 365 users from an application-based phishing attack variant known as consent phishing.
In this type of phishing attack, targets are tricked into providing access to their Office 365 accounts by granting permissions to malicious Office 365 OAuth apps.
Microsoft warned customers in July of threat actors using Office 365 OAuth applications in consent phishing attacks as part of Business Email Compromise fraud schemes.
For more tips on how to defend against consent security threats, organizations can also review the Detect and Remediate Illicit Consent Grants in Office 365 support document.
News URL
Related news
- Microsoft fixes bug behind random Office 365 deactivation errors (source)
- Microsoft fixes Office 365 apps crashing on Windows Server systems (source)
- Microsoft 365 outage takes down Office web apps, admin center (source)
- HubSpot phishing targets 20,000 Microsoft Azure accounts (source)
- New FlowerStorm Microsoft phishing service fills void left by Rockstar2FA (source)
- Criminal IP: Bringing Real-Time Phishing Detection to Microsoft Outlook (source)
- Microsoft 365 apps crash on Windows Server after Office update (source)
- Microsoft ends support for Office apps on Windows 10 in October (source)
- New 'Sneaky 2FA' Phishing Kit Targets Microsoft 365 Accounts with 2FA Code Bypass (source)
- Ransomware gangs pose as IT support in Microsoft Teams phishing attacks (source)