Coinbase phishing hijacks Microsoft 365 accounts via OAuth app (Security News, October 2020)
A new phishing campaign uses a Coinbase-themed email to install an Office 365 consent app that gives attackers access to a victim's email.
Over the past year, hackers have increasingly used Microsoft Office 365 OAuth apps, otherwise known as consent apps, as part of their attacks.
Consent apps are Office 365 OAuth applications that allow third parties access to a consenting user's email account so they can perform actions on the user's behalf.
If a user logs in to their Microsoft account, they will be shown a prompt to allow an app from coinbaseterms.
Recommended mitigation steps include educating employees to spot consent phishing tactics, requiring the use of publisher-verified apps, and only allowing employees to consent to OAuth apps that are trusted by the organization or provided by verified publishers.
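The last two mitigations can be enforced at the tenant level. The following is an added example, not code from the article: it uses the Microsoft Graph PowerShell SDK to restrict user consent to the built-in "verified publisher, low-risk permissions" policy and then audits existing delegated grants held by apps with no verified publisher (the shape a consent-phishing app such as the "coinbaseterms" one would take). It assumes an administrator sign-in with the listed scopes.

```powershell
# Added example (not from the article). Assumes the Microsoft Graph PowerShell SDK
# and a sign-in by an administrator who can update the tenant authorization policy.
Connect-MgGraph -Scopes "Policy.ReadWrite.Authorization", "Directory.Read.All"

# Built-in permission grant policy: users may self-consent only to apps from a
# verified publisher that request low-impact delegated permissions. Anything
# else (e.g. Mail.Read from an unverified publisher) goes to admin consent.
$policyId = "ManagePermissionGrantsForSelf.microsoft-user-default-low"
Update-MgPolicyAuthorizationPolicy -DefaultUserRolePermissions @{
    PermissionGrantPoliciesAssigned = @($policyId)
}

# Confirm the change took effect.
(Get-MgPolicyAuthorizationPolicy).DefaultUserRolePermissions.PermissionGrantPoliciesAssigned

# Audit: delegated grants already held by service principals that have no
# verified publisher. Review these and revoke any that the organization does not trust.
$grants = Get-MgOauth2PermissionGrant -All
foreach ($grant in $grants) {
    $sp = Get-MgServicePrincipal -ServicePrincipalId $grant.ClientId
    if (-not $sp.VerifiedPublisher.DisplayName) {
        [pscustomobject]@{
            App         = $sp.DisplayName
            AppId       = $sp.AppId
            Scopes      = $grant.Scope        # e.g. "Mail.Read offline_access"
            ConsentType = $grant.ConsentType  # "Principal" (user) or "AllPrincipals" (admin)
        }
    }
}
```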