Coinbase phishing hijacks Microsoft 365 accounts via OAuth app (Security News, October 2020)

A new phishing campaign uses a Coinbase-themed email to install an Office 365 consent app that gives attackers access to a victim's email.
Over the past year, hackers have increasingly used Microsoft Office 365 OAuth apps, otherwise known as consent apps, as part of their attacks.
Consent apps are Office 365 OAuth applications that allow third parties access to a consenting user's email account to perform actions on their behalf.
If a user logs in to their Microsoft account, they are shown a consent prompt asking them to allow an app from coinbaseterms.
Defensive steps include educating employees to spot consent-phishing tactics, requiring the use of publisher-verified apps, and only allowing employees to consent to OAuth apps trusted by the organization or provided by verified publishers.
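As an added example that is not part of the original article, the audit below shows how a defender can apply the last of those steps after the fact: it walks a tenant's OAuth2 permission grants and flags any app registered outside the tenant, with no verified publisher, that has been granted mailbox scopes. The record shapes follow the Microsoft Graph servicePrincipal and oAuth2PermissionGrant resources (an assumption about field names); the service principals, grants and tenant id are constructed sample data.

```python
"""Audit Microsoft 365 OAuth consent grants for risky third-party apps.
Records mirror Graph's servicePrincipal / oAuth2PermissionGrant resources (field
names are an assumption); all data here is constructed, not a real tenant export."""
# Delegated scopes that give an app mailbox access; offline_access adds a
# refresh token, which is what lets a consent-phishing app keep that access.
MAIL_SCOPES = {"Mail.Read", "Mail.ReadWrite", "Mail.Send", "MailboxSettings.ReadWrite"}
TENANT_ID = "00000000-0000-0000-0000-00000000aaaa"  # constructed placeholder
SERVICE_PRINCIPALS = [  # constructed sample, shaped like Graph servicePrincipal
    {"id": "sp-1", "appId": "app-1", "displayName": "HR Portal",
     "appOwnerOrganizationId": TENANT_ID, "verifiedPublisher": {"verifiedPublisherId": None}},
    {"id": "sp-2", "appId": "app-2", "displayName": "Coinbase Terms",
     "appOwnerOrganizationId": "11111111-1111-1111-1111-111111111111",
     "verifiedPublisher": {"verifiedPublisherId": None}},
    {"id": "sp-3", "appId": "app-3", "displayName": "Mail Client",
     "appOwnerOrganizationId": "22222222-2222-2222-2222-222222222222",
     "verifiedPublisher": {"verifiedPublisherId": "pub-3", "displayName": "Vendor"}},
]
GRANTS = [  # constructed sample, shaped like Graph oAuth2PermissionGrant
    {"clientId": "sp-1", "consentType": "AllPrincipals", "principalId": None,
     "scope": "Mail.Read User.Read"},
    {"clientId": "sp-2", "consentType": "Principal", "principalId": "user-42",
     "scope": "Mail.Read Mail.ReadWrite offline_access User.Read"},
    {"clientId": "sp-3", "consentType": "Principal", "principalId": "user-7",
     "scope": "Mail.Read offline_access"},
]

def audit_consents(service_principals, grants, tenant_id):
    """Flag grants where an app from outside the tenant, with no verified
    publisher, has been granted mailbox scopes. Returns a list of dicts."""
    sps = {sp["id"]: sp for sp in service_principals}
    findings = []
    for g in grants:
        sp = sps.get(g["clientId"])
        if sp is None or sp.get("appOwnerOrganizationId") == tenant_id:
            continue  # unknown client, or an app registered in our own tenant
        verified = bool((sp.get("verifiedPublisher") or {}).get("verifiedPublisherId"))
        scopes = set(g.get("scope", "").split())
        mail = sorted(scopes & MAIL_SCOPES)
        if verified or not mail:
            continue  # verified publisher, or no mailbox access requested
        findings.append({
            "app": sp["displayName"], "appId": sp["appId"],
            "consent": g["consentType"], "user": g.get("principalId"),
            "mail_scopes": mail, "persistent": "offline_access" in scopes,
        })
    return findings

if __name__ == "__main__":
    for f in audit_consents(SERVICE_PRINCIPALS, GRANTS, TENANT_ID):
        print(f)
```

Against the sample data only the unverified, out-of-tenant "Coinbase Terms" grant is reported; revoking such a grant removes the app's access, and the flagged user is the one whose mailbox to check.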