
What Is Consent Phishing and Why Is It Dangerous?

by Staff

Phishing is a massively popular cybercrime tactic used by threat actors around the world. Over the years, phishing has diversified into a range of different types, including consent phishing. But how exactly does consent phishing work, and is it a threat to you?


Consent phishing is a phishing tactic that requires some level of authentication to be successful. These attacks rely on malicious apps, with OAuth apps being a particularly popular choice. Let’s run through an example of consent phishing with a harmful OAuth app to understand how the process works.

As is often the case with phishing in general, consent phishing attacks begin with an email in which the attacker claims to be an official entity. Because consent phishing is used to access cloud storage accounts, we’ll use Google Workspace as an example. Note that consent phishing targets accounts that have already been logged into.

Let’s say that an attacker emails a target claiming to be a Google employee. Within this email, the attacker will tell the target that they need to log into their Google Workspace account to perform some kind of function. For example, the target may be told that they need to log in to verify their identity.

The attacker will provide a link within their email, which they claim leads to the Google Workspace login page. If the target remains unaware of the scam, they may then click on the link.

This is the point at which consent phishing differs from typical credential phishing. In the next step of the attack, the threat actor will use a malicious app hosted by a legitimate provider to access the victim’s data. When the victim clicks on the malicious link, they’ll be taken to a permissions page, where they’ll be asked to grant the provider certain access.

Because the victim believes they are dealing with a legitimate page, it’s likely that they’ll grant these permissions. However, at this point, the attacker has been granted access to the victim’s Google Workspace account.

But why would an attacker want access to someone’s cloud storage account?

In the cybercrime game, data can be invaluable. There are various kinds of information that an attacker can leverage towards their own benefit, such as payment information. But it’s unlikely that a cloud account will contain such data. So, what’s the point of consent phishing?

A lot of attackers tend to target organizational cloud storage accounts to access company data. Such data can be useful in a number of ways.

Firstly, the attacker may be able to sell the organizational data on a dark web marketplace. Such illicit corners of the internet are hugely popular among cybercriminals, as huge profits can be made via the sale of data. Cybercriminals can also steal company data and demand a ransom for its return, which can turn out to be more profitable than simply selling that data on the dark web. That is, if they don’t do that as well…

Consent phishing is often used against organizations rather than individuals (that’s why Google Workspace is a good example; it’s ideal for companies). So it’s important that company leaders educate their staff on how consent phishing works. Many people are completely unfamiliar with phishing and the red flags they should look out for, so showing employees how to identify a possible scam email can be invaluable to the company’s security.

Additionally, it may be worth having a list of pre-authorized apps that a given employee can access on their work devices. This can eliminate the chance of any member of staff unknowingly granting permissions to a malicious app.
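As an added illustration (not part of the original article), the Python sketch below checks a link against such a pre-authorized list before anyone consents. The client IDs, the allowlist and the `app.example` redirect are constructed for the example; the authorization endpoint and scope strings are Google's published ones.

```python
from urllib.parse import urlencode, urlsplit, parse_qs

AUTH_ENDPOINT = "https://accounts.google.com/o/oauth2/v2/auth"
DRIVE = "https://www.googleapis.com/auth/drive"
DRIVE_FILE = "https://www.googleapis.com/auth/drive.file"
MAIL = "https://mail.google.com/"

# Constructed allowlist: pre-authorized client ID -> scopes approved for it.
APPROVED_APPS = {
    "1111111111-approved.apps.googleusercontent.com": {"openid", "email", DRIVE_FILE},
}
HIGH_RISK = {DRIVE, MAIL}  # full Drive / full Gmail access

def review_consent_link(url):
    """Return (verdict, reasons) for a link that may open an OAuth consent page."""
    q = parse_qs(urlsplit(url).query)
    client_id = q.get("client_id", [""])[0]
    if not client_id:
        return "not-consent", ["no client_id parameter"]
    scopes = set(q.get("scope", [""])[0].split())
    reasons = []
    if q.get("access_type", [""])[0] == "offline":
        reasons.append("requests offline access (refresh token)")
    for s in sorted(scopes & HIGH_RISK):
        reasons.append("high-risk scope: " + s)
    if client_id not in APPROVED_APPS:
        # A genuine provider hostname proves nothing about the app behind it.
        reasons.append("client_id is not on the pre-authorized list")
        return "block", reasons
    extra = scopes - APPROVED_APPS[client_id]
    if extra:
        reasons.append("scopes beyond approval: " + ", ".join(sorted(extra)))
        return "review", reasons
    return "allow", reasons

def make_link(client_id, scopes, offline=False):
    """Build a constructed sample authorization URL for the demo."""
    params = {"client_id": client_id, "response_type": "code",
              "redirect_uri": "https://app.example/callback",
              "scope": " ".join(scopes)}
    if offline:
        params["access_type"] = "offline"
    return AUTH_ENDPOINT + "?" + urlencode(params)

if __name__ == "__main__":
    unknown = "9999999999-unknown.apps.googleusercontent.com"
    print(review_consent_link(make_link(unknown, [MAIL, DRIVE], offline=True)))
```

The verdict depends on the app's client ID and requested scopes, not on the hostname, because the consent page in these attacks is served by the legitimate provider.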

Employing other security measures can also be beneficial, such as anti-spam filters and Two-Factor Authentication (2FA).

Protect Your Data by Knowing What to Look For

Consent phishing, and phishing in general, can have devastating consequences. This kind of cyberattack is worryingly effective at swindling victims. However, there are ways to pick up on consent phishing and stop it in its tracks. Through education and vigilance, you can protect your data effectively, keeping it out of the hands of malicious actors.




© 2022 Iman Hearts. All rights reserved.