What is consent phishing?
Most people are familiar with the two most common types of phishing: credential phishing, where attackers trick users into revealing their passwords, and payload phishing, where they trick users into downloading malicious software. A third type is on the rise: consent phishing.
Consent phishing deceives users into granting a third-party SaaS application access to their account, enabling it to retrieve sensitive information or act on their behalf. Rather than stealing a password, these attacks abuse the delegated permissions that identity and OAuth providers such as Google and Microsoft expose to applications. For example, the Microsoft Graph scope Mail.ReadWrite lets a third-party SaaS app read, edit and delete any email in the user's mailbox (sending a reply additionally requires Mail.Send). Because the app receives its own access token, that access does not depend on the user's password and is not interrupted by an MFA prompt.
OAuth was originally created to improve user experience and productivity by letting software tools integrate with each other seamlessly. In the past few years, OAuth (together with OpenID Connect, which layers sign-in on top of it) has become a widely adopted way to connect applications, driven by the surge in the number of SaaS applications used in the workplace. According to SaaS Academy, most large enterprises have 450 active SaaS apps at a given time, with an average employee working with 12 to 14 applications on a daily basis. The growing demand for seamless integration and efficient workflows has thus made OAuth a critical tool.
Unfortunately, the very same consent capabilities have been repeatedly misused by attackers to steal confidential data, impersonate employees and distribute malware. This article discusses the mechanisms behind consent phishing, some case studies and best practices for defending against this growing threat. To truly understand consent phishing, however, it is important to first understand how OAuth works.
Understanding how OAuth Works
OAuth was created to let a user grant an application limited access to their account at a single trusted Identity Provider (IdP) without handing over their password; OpenID Connect, built on top of OAuth, lets other applications use that same IdP to verify the user's identity. Applications can also request permissions to perform actions on behalf of the user. These permissions, known as scopes, define the extent of the actions an application can take on the user's behalf, and the consent screen the user sees is simply a list of the scopes the application asked for.
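The consent link in a consent-phishing email is an ordinary authorization request whose scope parameter spells out exactly what the attacker's app will be able to do. The following Python script, an added example that is not code from the original article, parses such a link for the Microsoft identity platform and for Google, normalises the scopes, and rates the request by the permissions it asks for. The Graph and Google scope strings are the providers' real names; the risk wording, the three sample URLs, the client IDs and the "approved application" allowlist are constructed for this example.

```python
"""Triage an OAuth consent link of the kind used in consent phishing.

Added example, not code from the original article. The scope names are
the real Microsoft Graph and Google API scope strings; the risk
descriptions, sample URLs, client IDs and allowlist are constructed.
"""
from urllib.parse import urlparse, parse_qs

# Scopes that hand a third-party app broad access to mail or files.
HIGH_RISK_SCOPES = {
    "Mail.Read": "read every message in the mailbox",
    "Mail.ReadWrite": "read, edit and delete every message in the mailbox",
    "Mail.Send": "send mail as the user",
    "Files.Read.All": "read every file the user can reach",
    "Files.ReadWrite.All": "read and modify every file the user can reach",
    "https://mail.google.com/": "full Gmail access",
    "https://www.googleapis.com/auth/gmail.readonly": "read every Gmail message",
    "https://www.googleapis.com/auth/gmail.modify": "read, label and delete Gmail messages",
    "https://www.googleapis.com/auth/gmail.send": "send mail as the user",
    "https://www.googleapis.com/auth/drive": "full access to Google Drive files",
}

# Sign-in-only scopes: they identify the user but unlock no mailbox or file data.
LOW_RISK_SCOPES = {"openid", "profile", "email", "User.Read"}

PROVIDERS = {
    "login.microsoftonline.com": "microsoft",
    "login.windows.net": "microsoft",
    "accounts.google.com": "google",
}


def parse_consent_request(url):
    """Split an authorization URL into provider, client_id, redirect_uri and scopes."""
    parsed = urlparse(url)
    query = parse_qs(parsed.query)  # also decodes '+' and %20 into spaces
    scopes = []
    for raw in query.get("scope", [""])[0].split():
        # Microsoft accepts fully qualified resource scopes; normalise to the short name.
        if raw.startswith("https://graph.microsoft.com/"):
            raw = raw[len("https://graph.microsoft.com/"):]
        scopes.append(raw)
    return {
        "provider": PROVIDERS.get(parsed.hostname, "unknown"),
        "client_id": query.get("client_id", [""])[0],
        "redirect_uri": query.get("redirect_uri", [""])[0],
        "scopes": scopes,
        # Microsoft asks for a refresh token via the offline_access scope, Google via
        # access_type=offline; either way the grant outlives the browser session.
        "persistent": "offline_access" in scopes
        or query.get("access_type", [""])[0] == "offline",
    }


def assess_consent_request(url, approved_client_ids=frozenset()):
    """Rate a consent link 'high', 'medium' or 'low' and list the reasons."""
    req = parse_consent_request(url)
    findings = []
    for scope in req["scopes"]:
        if scope in HIGH_RISK_SCOPES:
            findings.append(f"{scope}: {HIGH_RISK_SCOPES[scope]}")
        elif scope not in LOW_RISK_SCOPES and scope != "offline_access":
            findings.append(f"{scope}: unrecognised scope, review manually")
    if req["persistent"]:
        findings.append("refresh token requested: access continues after the user "
                        "closes the browser, until the grant is revoked")
    if req["client_id"] and req["client_id"] not in approved_client_ids:
        findings.append(f"client_id {req['client_id']} is not an approved application")

    if any(s in HIGH_RISK_SCOPES for s in req["scopes"]):
        level = "high"      # e.g. Mail.ReadWrite: the app can read the whole mailbox
    elif findings:
        level = "medium"    # unknown app, unknown scope or persistence alone
    else:
        level = "low"
    return {"level": level, "provider": req["provider"], "findings": findings}


# Constructed sample links (hypothetical client IDs and redirect hosts).
PHISH_URL = ("https://login.microsoftonline.com/common/oauth2/v2.0/authorize"
             "?client_id=11111111-2222-3333-4444-555555555555&response_type=code"
             "&redirect_uri=https%3A%2F%2Fexample.invalid%2Fcallback"
             "&scope=openid%20profile%20offline_access%20Mail.ReadWrite%20Mail.Send")
BENIGN_URL = ("https://login.microsoftonline.com/common/oauth2/v2.0/authorize"
              "?client_id=aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee&response_type=code"
              "&redirect_uri=https%3A%2F%2Fapp.example.com%2Fauth"
              "&scope=openid+profile+email+User.Read")
GOOGLE_URL = ("https://accounts.google.com/o/oauth2/v2/auth"
              "?client_id=123456789.apps.googleusercontent.com&response_type=code"
              "&access_type=offline&redirect_uri=https%3A%2F%2Fexample.invalid%2Fcb"
              "&scope=https://www.googleapis.com/auth/gmail.modify%20openid")
APPROVED = {"aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"}  # hypothetical allowlist

if __name__ == "__main__":
    for url in (PHISH_URL, BENIGN_URL, GOOGLE_URL):
        result = assess_consent_request(url, APPROVED)
        print(result["level"].upper(), result["provider"])
        for finding in result["findings"]:
            print("  -", finding)
```

The point of the triage is the combination: a mail or file scope together with offline_access (or access_type=offline) means the attacker keeps a refresh token and the mailbox stays readable long after the phishing page is gone, so revoking the grant, not just resetting the password, is the required response.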
This is what a typical OAuth flow looks like:
- The user signs up and accesses a new Sa
[…]
This article has been indexed from Security Boulevard.