Microsoft 365 customers can be at risk. The company has issued a warning for its office users, noted on Twitter that potentially dangerous applications, which are currently called upgrades, will travel through phishing emails sent to hundreds of Office 365 customers. Microsoft said the email asked the user to give OAuth permission Enter, write email, read email, and create calendar items. In addition, he asks permission to read your contacts.
Concerns over the email came from the use of previous OAuth services by bad actors to gain access to users in the past. Because this e-mail is around misleading users to give permission, Microsoft Security Intelligence is worried that it can lead to evil activities on your account if you provide access.
This is just another example of what is known as phishing permissions. Basically, consent phishing is when the attacker utilizes the permission request screen to make users provide token access to their account. This then gives attacker access to account data from the connected application. Even though it doesn’t provide full access access to the account, it can let intruders set the rules to forward email to their own account, allowing them to continue the attack on other websites in the future.
If you want to avoid the approval of phishing fraud like this, always be aware of where the authorization request originates. In addition, try to limit which third party applications you provide to your account.
Provide third-party application access to your email, especially with some permissions requested by this Microsoft Scam, can provide an attacker way to get access to other accounts from you, by forwarding emails to re-regulating other important security passwords and security notifications away from the inbox Your main thing. You can also oversee the email address that sends this request for permission to verify whether they are official or not.
After the invention of the application Twitter users, Microsoft has disabled the application and reminded every affected individual. If you use Microsoft Office 365, pay attention to each email that comes asking you to provide any OAuth permission – or really permission whatever you know.