Oct 3 / Admin

New Scam Alert: What Is Consent Phishing and Why Is It Dangerous?

Make Use Of Reported:

As is often the case with phishing in general, consent phishing attacks begin with an email, wherein the attacker claims to be an official entity.

Let's say that an attacker emails a target claiming to be a Google employee. Within this email, the attacker will tell the target that they need to log into their Google Workspace account to perform some kind of function. For example, the target may be told that they need to log in to verify their identity.

This is the point at which consent phishing differs from typical credential phishing. In the next step of the attack, the threat actor will use a malicious app hosted by a legitimate provider to access the victim's data. When the victim clicks on the malicious link, they'll be taken to a permissions page, where they'll be asked to grant the provider certain access.

Because the victim believes they are dealing with a legitimate page, it's likely that they'll grant these permissions. However, at this point, attacker has been granted access to the victim's Google Workspace account.
Find out more with the original article here.

Enroll in Training Sessions:  Last Thursday of Every Month is Training on Frauds and New Scam Alerts and How to Combat
* indicates required