PSA: New Threat - Consent Phishing

Forums › IT Pro and developers › PSA: New Threat - Consent Phishing

networkn

Networkn
32868 posts

Uber Geek
+1 received by user: 15457

ID Verified

Trusted

Lifetime subscriber

#288769 22-Jul-2021 11:12

Another Day, another IT Security threat.

Make your users aware, or if you are an end-user, consider yourself warned:

https://pushsecurity.com/blog/consent-phishing-the-emerging-phishing-technique-that-can-bypass-2fa/?utm_source=reddit-office365&utm_medium=post&utm_id=078-blogs

BlakJak

1330 posts

Uber Geek
+1 received by user: 735

Trusted

#2749480 25-Jul-2021 15:17

Or just limit their ability to grant third party access to their accounts without admin intervention, job done?

I don't agree with the article's premise that this sort of limitation impacts on productivity. It is, unfortunately, a fact of life.

No signature to see here, move along...

Jogre

182 posts

Master Geek
+1 received by user: 40

#2750036 26-Jul-2021 17:11

"Consent phishing is still an emerging technique and we believe that it has not reached peak usage by attackers yet"

It's actually been around for a while now since Microsoft released controls within Azure AD 9 months ago to stop users consenting unverified apps (reference screenshots in article) when admins are too lazy to put in an Admin Consent workflow.

Jono Green

Microsoft New Zealand