Top 5 things to know about consent phishing
Technology

Top 5 things to know about consent phishing

By Naomi Gleit

Just when you thought you knew what phishing perils to watch out for, along comes a new spin: consent phishing. Here’s a look at this latest threat.

Image: Getty Images/iStockphoto

Remember when phishing was a funny new term for tricking people into giving up information? Now there are so many variants, spear phishing, clone phishing, and even whaling!

If you just don’t talk to people you can avoid being phished right?

Meet “consent phishing,” a way to get your authentications tokens using only dialog boxes and links. Here are five things to know about Consent Phishing.

  1. It uses cloud apps. Maybe it’s Google. Maybe it’s Microsoft. Maybe another platform. But the malicious actor has registered an app with a reputable cloud service. They just need to trick you into clicking a link that brings up the services permission request. Because the request comes from a trusted cloud service provider, people are more likely to accept the request for the malicious app to read and send your mail and manage your data.
  2. Once consent is granted, it’s permanent until you change it on the cloud service. Change your password? Add multifactor authentication? Doesn’t matter. You granted this app access and until you revoke it, it will use it.
  3. Regularly review your apps. On Google and Microsoft and Amazon and Facebook and whatever else you may have once granted access to something, go into security settings and look. You’ll be surprised how many things you granted access to over the years. If you don’t recognize something, revoke it. If it’s legit you can always grant it access again later.
  4. Admins can help. Users should be allowed to grant consent only to verified app publishers. Or even better, only to an approved list of apps you trust. And monitor your cloud platform for third-party app behavior that seems odd.
  5. Educate users. Make people aware that an app requesting permission could be a threat. Just knowing this will at least make them read the OAuth request before clicking more often — which can definitely cut down on the number of incidents.

I suspect there will be no end to the variants of phishing. But spreading the word as each new kind leaps from the sea can help us all weather the storms.

For all the latest Technology News Click Here 

 For the latest news and updates, follow us on Google News

Read original article here

Denial of responsibility! TechNewsBoy.com is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – [email protected]. The content will be deleted within 24 hours.

Naomi Gleit 44838 posts 0 comments
More Stories

The path to generative AI value: Setting the flywheel in…

Scientists developed a sheet of gold that’s just one atom…

Samsung Galaxy A55 vs Vivo V30 Pro: How the two affordable…

1 of 69,744