Consent Phishing (OAuth Phishing)
A modern phishing tactic that tricks users into granting malicious third-party applications persistent access to their cloud accounts, bypassing MFA entirely.
Overview
Unlike traditional phishing that steals passwords, Consent Phishing steals permissions. The attacker sends a link asking the victim to authorize a seemingly legitimate app (e.g., 'Zoom Integration' or 'HR Portal') using their real Microsoft or Google account. Because the user is logging into the legitimate provider, Multi-Factor Authentication (MFA) does not stop it. Once granted, the attacker has API-level access to read emails and files. PhiShark intercepts Consent Phishing by autonomously validating the OAuth request, analyzing the requested permission scopes, and verifying the true reputation of the app developer before the user can click 'Accept'.
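The two checks the paragraph describes, inspecting the requested permission scopes and the identity of the app publisher, can be illustrated on the authorization URL a user is about to approve. The following is an added example written for this page, not PhiShark's own code: it parses an OAuth authorize request, weights the scopes it asks for, and flags a client_id that is not on a vetted-publisher list. The scope names follow the Microsoft Graph delegated-permission naming, while the risk weights, the client ids, the allowlist and the sample URLs are constructed for the example.

```python
"""Score an OAuth consent request for consent-phishing risk (added example)."""
from urllib.parse import urlparse, parse_qs

# Scopes that grant standing access to mail or files. Names follow the
# Microsoft Graph delegated-permission style; the weights are an assumption
# made for this example, not a vendor scoring model.
HIGH_RISK_SCOPES = {
    "offline_access": 3,             # refresh token: access outlives the session
    "Mail.ReadWrite": 3,
    "Mail.Read": 2,
    "Mail.Send": 3,
    "Files.ReadWrite.All": 3,
    "Files.Read.All": 2,
    "Contacts.Read": 1,
    "MailboxSettings.ReadWrite": 2,  # can create forwarding rules
}

# Constructed allowlist: client_ids the organisation has already reviewed,
# mapped to the publisher name. Real deployments would load this from policy.
VERIFIED_PUBLISHERS = {
    "00000000-0000-0000-0000-000000000001": "Example Corp (vetted)",
}


def parse_authorize_url(url):
    """Return (client_id, scopes, redirect_uri) from an OAuth authorize URL."""
    q = parse_qs(urlparse(url).query)
    client_id = q.get("client_id", [""])[0]
    # OAuth scopes travel space-separated inside one 'scope' parameter;
    # parse_qs has already decoded '%20' and '+' for us.
    scopes = q.get("scope", [""])[0].split()
    redirect_uri = q.get("redirect_uri", [""])[0]
    return client_id, scopes, redirect_uri


def assess_consent_request(url, verified=VERIFIED_PUBLISHERS):
    """Score one consent request and return a verdict with its reasons."""
    client_id, scopes, redirect_uri = parse_authorize_url(url)
    score = 0
    reasons = []

    for scope in scopes:
        weight = HIGH_RISK_SCOPES.get(scope, 0)
        if weight:
            score += weight
            reasons.append(f"requests sensitive scope {scope}")

    # The dangerous combination: a refresh token plus mailbox/file scopes
    # keeps working after logout and after a password reset.
    if "offline_access" in scopes and score > HIGH_RISK_SCOPES["offline_access"]:
        score += 2
        reasons.append("persistent access to mail or files (survives password reset)")

    if client_id not in verified:
        score += 2
        reasons.append("client_id is not on the vetted publisher list")

    if redirect_uri and urlparse(redirect_uri).scheme != "https":
        score += 1
        reasons.append("redirect_uri is not https")

    if score >= 6:
        verdict = "block"
    elif score >= 3:
        verdict = "warn"
    else:
        verdict = "allow"
    return {"verdict": verdict, "score": score, "scopes": scopes, "reasons": reasons}


# Constructed sample requests: a lookalike 'Document Signer' app and a vetted app.
SUSPICIOUS_URL = (
    "https://login.example-idp.test/oauth2/v2.0/authorize?"
    "client_id=11111111-2222-3333-4444-555555555555"
    "&response_type=code"
    "&redirect_uri=https%3A%2F%2Fdocs-signer.example%2Fcallback"
    "&scope=openid%20offline_access%20Mail.Read%20Files.ReadWrite.All"
)
BENIGN_URL = (
    "https://login.example-idp.test/oauth2/v2.0/authorize?"
    "client_id=00000000-0000-0000-0000-000000000001"
    "&response_type=code"
    "&redirect_uri=https%3A%2F%2Fapp.example-corp.test%2Fcallback"
    "&scope=openid%20profile%20User.Read"
)

if __name__ == "__main__":
    for url in (SUSPICIOUS_URL, BENIGN_URL):
        result = assess_consent_request(url)
        print(result["verdict"], result["score"])
        for reason in result["reasons"]:
            print("  -", reason)
```

The point of the weighting is the combination rather than any single scope: `offline_access` alone is routine, but paired with mail or file scopes from an unvetted publisher it is exactly the grant that gives an attacker durable API access, which is why the verdict escalates to "block" only when both conditions hold.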
Real-World Examples
- A fake 'Document Signer' app requesting read/write access to a user's OneDrive
- Malicious OAuth apps bypassing traditional password resets and MFA
- Illicit consent grants leading to silent data exfiltration
Protect Against Consent Phishing (OAuth Phishing)
PhiShark's agentic AI detects and analyzes threats in real time