Consent Phishing – New Pole, Same Fish

OAuth is an open standard for delegated access: it lets you grant an application limited access to your account on another service without handing that application your password. One of the most common uses, through the OpenID Connect layer built on top of it, is signing in to one service with an account you already have on another. You may have seen sites that let you log in with your Facebook or Google account; you enter your password on Facebook or Google, never on the site itself, and the site receives a token instead. Most of these services use OAuth.

Another common use for OAuth is linking two applications together. Examples include a calendar application that adds functionality to Outlook’s native calendar, or project management tools that are accessible from within Office applications and monitor your email for project-related information.

OAuth can offer the end user convenience and additional functionality. Unfortunately, it can also offer malicious actors a way to gain access to a Microsoft 365 account (often to the full mailbox and files, depending on the permissions granted) that persists through common remediation steps such as password changes, because the attacker holds tokens issued to their app rather than the user’s password. Multi-factor authentication does not block it either: the user has already satisfied MFA by the time the consent prompt appears. This type of attack is called “consent phishing” and it is on the rise.

Consent phishing is an attack in which attackers trick users into granting a malicious app access to their Microsoft 365 account. The app is registered with a trustworthy-looking name and icon, and the link sent in a phishing email points at Microsoft’s genuine consent page, so the URL and the sign-in look legitimate; the only thing the user is asked to do is click “Accept”. The problem has grown with the number of people working from home who routinely approve additional collaboration apps for meetings and file sharing.

AC3 has a policy in place for our clients that prevents end users from installing applications without administrative review. End users are required to submit requests for any OAuth integrations, and these requests are reviewed before approval. If your IT department or MSP does not offer this type of protection, be especially careful when clicking links in email and never approve an application’s access to your account without careful consideration. Before you click “Accept”, review exactly which permissions the application is requesting: an app that asks to read and send your mail, access your files, or “maintain access to data you have given it access to” (offline access) is asking for far more than a meeting or file-sharing tool needs.
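The administrative review described above only works if someone can actually see which apps have been granted what. The script below is an added example, not part of the original AC3 post and not an AC3 tool: it uses the Microsoft Graph PowerShell SDK to list every delegated consent grant in a tenant, flags grants that combine a persistent-access or mailbox/file scope with an app that is neither registered in the tenant nor from a verified publisher, and, with `-Revoke`, removes them. The watch-list of scopes and the “unverified third-party publisher” heuristic are this example’s assumptions; tune them to your environment.

```powershell
# Added example (not from the original post). Audits delegated OAuth consent
# grants in a Microsoft 365 tenant with the Microsoft Graph PowerShell SDK and
# optionally revokes the risky ones. Requires: Install-Module Microsoft.Graph
param(
    [switch]$Revoke   # list only by default; pass -Revoke to remove flagged grants
)

# Read-only scopes are enough to audit; the ReadWrite scope is only needed to revoke.
$scopes = @('Application.Read.All', 'Directory.Read.All', 'User.Read.All')
if ($Revoke) { $scopes += 'DelegatedPermissionGrant.ReadWrite.All' }
Connect-MgGraph -Scopes $scopes -NoWelcome

# Assumed watch-list: the scopes consent-phishing apps typically ask for, i.e. a
# long-lived token (offline_access) plus broad mail, file or contact access.
$riskyScopes = @('offline_access', 'Mail.Read', 'Mail.ReadWrite', 'Mail.Send',
                 'MailboxSettings.ReadWrite', 'Files.Read.All', 'Files.ReadWrite.All',
                 'Contacts.Read', 'Contacts.ReadWrite', 'Directory.AccessAsUser.All')

# Cache service principal lookups; one app usually has many grants.
$spCache = @{}
function Get-Sp([string]$id) {
    if (-not $spCache.ContainsKey($id)) {
        $spCache[$id] = Get-MgServicePrincipal -ServicePrincipalId $id `
            -Property Id,AppId,DisplayName,AppOwnerOrganizationId,VerifiedPublisher
    }
    return $spCache[$id]
}

$tenantId = (Get-MgContext).TenantId
$findings = foreach ($grant in Get-MgOauth2PermissionGrant -All) {
    # Scope is a space-separated string of the delegated permissions granted.
    $granted = $grant.Scope -split ' ' | Where-Object { $_ }
    $hits = $granted | Where-Object { $riskyScopes -contains $_ }
    if (-not $hits) { continue }

    $app = Get-Sp $grant.ClientId
    # Apps registered in our own tenant or by a verified publisher are lower risk;
    # an unverified third-party app holding these scopes deserves review.
    $homeTenant = $app.AppOwnerOrganizationId -eq $tenantId
    $verified   = -not [string]::IsNullOrEmpty($app.VerifiedPublisher.DisplayName)
    if ($homeTenant -or $verified) { continue }

    # ConsentType 'Principal' is one user's consent; 'AllPrincipals' is tenant-wide admin consent.
    $who = if ($grant.ConsentType -eq 'Principal') {
        (Get-MgUser -UserId $grant.PrincipalId -Property UserPrincipalName).UserPrincipalName
    } else { 'ALL USERS (admin consent)' }

    [pscustomobject]@{
        GrantId     = $grant.Id
        App         = $app.DisplayName
        AppId       = $app.AppId
        ConsentedBy = $who
        RiskyScopes = ($hits -join ' ')
    }
}

$findings | Format-Table -AutoSize

if ($Revoke -and $findings) {
    foreach ($f in $findings) {
        # Deleting the grant stops the app from obtaining new tokens for that user.
        # A password reset alone would not have done this.
        Remove-MgOauth2PermissionGrant -OAuth2PermissionGrantId $f.GrantId
        Write-Host "Revoked grant $($f.GrantId) for '$($f.App)' ($($f.ConsentedBy))"
    }
}

Disconnect-MgGraph | Out-Null
```

Run it without `-Revoke` first and read the table. Removing a grant prevents the app from refreshing its tokens, but an access token already issued stays valid until it expires (normally about an hour); if you want the user’s sessions cut immediately, follow up with `Revoke-MgUserSignInSession -UserId <upn>`. To prevent the problem rather than clean it up, turn off user consent entirely so that every new app goes through an administrator (in the Graph SDK, `Update-MgPolicyAuthorizationPolicy -DefaultUserRolePermissions @{ PermissionGrantPoliciesAssigned = @() }`) and enable the admin consent request workflow in the Entra admin portal so users have a sanctioned way to ask.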


OAuth approval windows look something like this:

[Image: oauth-permission.png, a Microsoft 365 consent prompt listing the permissions the application is requesting]

Are you in the New Orleans area? AC3 can help you secure your Microsoft 365 tenant or assist you with migrating to Microsoft 365 services! Talk to an information technology specialist or email us at support@ac3it.com with any questions!

AC3 IT