Microsoft 365 customers could be at risk.

Microsoft has issued a warning on Twitter to users of its Office 365 service that a potentially malicious app called ‘Upgrade’ is being sent to hundreds of its customers via consent phishing emails. According to Microsoft, the email asks users to grant the app OAuth permissions to create inbox rules, read and write emails, create calendar items, and read contacts. Because the phishing email misleads users into granting these permissions, Microsoft Security Intelligence warned that granting the access could lead to malicious activity on the affected account.

Following the discovery of the consent phishing app by Twitter user @fffforward, Microsoft has disabled the malicious app and alerted the affected customers. If you use Microsoft Office 365, be cautious of any email that asks you to grant an application OAuth permissions of any kind.

What is Consent Phishing?

Consent phishing is when an attacker imitates a permission request screen to get the user to grant access tokens for their account. This gives the attacker access to the account data exposed through the connected authorization app. Even though this strategy doesn’t give the attacker complete control of the targeted account, it lets the intruder set specific rules or make requests, such as forwarding emails to their own accounts, or use that foothold to continue the attack on other websites in the future.

How can I reduce the risk of Consent Phishing?

Be cautious of where requests for authorization are coming from, and limit which, and how many, third-party applications you give access to your accounts.

The greater risk of giving any third-party app access to your email is that an attacker with that access can forward messages that contain password resets or other important security notifications, which gives them a way into your other accounts.

You can also check the email address that sends out these permission requests to verify whether it is official or not.
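As an added example (not code from the original post or from Microsoft), here is a small triage script that a tenant administrator could run over exported consent-grant records to surface apps that were granted the combination of permissions described above: mailbox access plus the ability to create inbox rules. The record layout, app names and user addresses are constructed for this example; the scope names are Microsoft Graph delegated permissions.

```python
from collections import defaultdict

# Constructed sample of consent-grant records. The field layout is a simplified
# assumption for this example, not the real Microsoft 365 audit log schema.
SAMPLE_EVENTS = [
    {"user": "alice@example.com", "app": "Upgrade", "publisher_verified": False,
     "scopes": ["Mail.ReadWrite", "MailboxSettings.ReadWrite", "Calendars.ReadWrite",
                "Contacts.Read", "offline_access"]},
    {"user": "bob@example.com", "app": "Upgrade", "publisher_verified": False,
     "scopes": ["Mail.ReadWrite", "MailboxSettings.ReadWrite", "offline_access"]},
    {"user": "carol@example.com", "app": "Team Wiki", "publisher_verified": True,
     "scopes": ["User.Read", "offline_access"]},
]

# Microsoft Graph delegated permissions grouped by what they let an app do.
MAIL_SCOPES = {"Mail.Read", "Mail.ReadWrite", "Mail.Send"}   # read/send mail
RULE_SCOPES = {"MailboxSettings.ReadWrite"}                  # inbox/forwarding rules
CONTACT_SCOPES = {"Contacts.Read", "Contacts.ReadWrite"}     # address book
PERSISTENCE = {"offline_access"}                             # refresh token

def score_grant(event):
    """Score one consent grant; higher means riskier. Returns (score, reasons)."""
    scopes = set(event["scopes"])
    score, reasons = 0, []
    if scopes & MAIL_SCOPES:
        score, reasons = score + 2, reasons + ["mailbox access"]
    if scopes & RULE_SCOPES:
        score, reasons = score + 2, reasons + ["can create inbox rules"]
    if scopes & MAIL_SCOPES and scopes & RULE_SCOPES:  # mail forwarding pattern
        score, reasons = score + 3, reasons + ["mail read plus rule write"]
    if scopes & CONTACT_SCOPES:
        score, reasons = score + 1, reasons + ["contact list readable"]
    if scopes & PERSISTENCE:
        score, reasons = score + 1, reasons + ["persistent access via refresh token"]
    if not event["publisher_verified"]:
        score, reasons = score + 1, reasons + ["unverified publisher"]
    return score, reasons

def triage(events, threshold=5):
    """Group grants per app and return apps whose worst grant meets the threshold."""
    by_app = defaultdict(lambda: {"users": set(), "score": 0, "reasons": set()})
    for ev in events:
        score, reasons = score_grant(ev)
        app = by_app[ev["app"]]
        app["users"].add(ev["user"])
        app["score"] = max(app["score"], score)
        app["reasons"].update(reasons)
    return {name: {"users": sorted(a["users"]), "score": a["score"], "reasons": sorted(a["reasons"])}
            for name, a in by_app.items() if a["score"] >= threshold}
```

Running `triage(SAMPLE_EVENTS)` flags only the unverified app that holds both mail and mailbox-settings permissions across several users, while the verified single-scope app stays below the threshold.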

Resources

SlashGear Article January 25th, 2022