Coinbase phishing hijacks Microsoft 365 accounts via OAuth app (Security News, October 2020)
A new phishing campaign uses a Coinbase-themed email to install an Office 365 consent app that gives attackers access to a victim's email.
Over the past year, hackers have increasingly used Microsoft Office 365 OAuth apps, otherwise known as consent apps, as part of their attacks.
Consent apps are Office 365 OAuth applications that allow third parties to access a consenting user's email account and perform actions on their behalf.
If a user logs in to their Microsoft account, they will be shown a prompt to allow an app from coinbaseterms.
These steps include educating employees to spot consent phishing tactics, requiring the use of publisher-verified apps, and only allowing employees to consent to OAuth apps trusted by the organization or provided by verified publishers.
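The following is an added example, not part of the original article: a defender-side triage that flags delegated consent grants giving mail access to apps that are neither publisher-verified nor on an organization allowlist. Field names follow Microsoft Graph's `servicePrincipal` and `oauth2PermissionGrant` resources; the sample records, IDs and the `allowlist` parameter are constructed assumptions.

```python
# Added example: triage of delegated OAuth consent grants from an offline export.
# All records below are constructed sample data, not taken from the article.
MAIL_SCOPES = {"Mail.Read", "Mail.ReadWrite", "Mail.Send", "MailboxSettings.ReadWrite"}

SERVICE_PRINCIPALS = [
    {"id": "sp-1", "displayName": "Contoso Expense Tool",
     "verifiedPublisher": {"displayName": "Contoso Ltd", "verifiedPublisherId": "1234567"}},
    {"id": "sp-2", "displayName": "Terms of Service Update",
     "verifiedPublisher": {"displayName": None, "verifiedPublisherId": None}},
    {"id": "sp-3", "displayName": "Calendar Helper", "verifiedPublisher": None},
]
GRANTS = [
    {"clientId": "sp-1", "consentType": "AllPrincipals", "principalId": None,
     "scope": "User.Read Mail.Read"},
    {"clientId": "sp-2", "consentType": "Principal", "principalId": "user-17",
     "scope": "offline_access Mail.Read Mail.Send"},
    {"clientId": "sp-3", "consentType": "Principal", "principalId": "user-4",
     "scope": " User.Read Calendars.Read"},
]

def is_verified(sp):
    """True only when the service principal carries a verified publisher ID."""
    publisher = (sp or {}).get("verifiedPublisher") or {}
    return bool(publisher.get("verifiedPublisherId"))

def risky_grants(service_principals, grants, allowlist=frozenset()):
    """Return grants with mail scopes held by unverified, non-allowlisted apps."""
    by_id = {sp["id"]: sp for sp in service_principals}
    findings = []
    for grant in grants:
        scopes = set((grant.get("scope") or "").split())
        mail = sorted(scopes & MAIL_SCOPES)
        if not mail or grant["clientId"] in allowlist:
            continue
        sp = by_id.get(grant["clientId"])  # unknown app is treated as unverified
        if is_verified(sp):
            continue
        findings.append({
            "app": sp["displayName"] if sp else grant["clientId"],
            "user": grant.get("principalId"),      # None means tenant-wide consent
            "mail_scopes": mail,
            "persistent": "offline_access" in scopes,  # refresh tokens outlive the session
        })
    return findings

if __name__ == "__main__":
    for finding in risky_grants(SERVICE_PRINCIPALS, GRANTS):
        print(finding)
```

Each finding is a candidate for review and consent revocation; a password reset alone does not remove a consent grant.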