Microsoft Warns of Application-based Phishing
Microsoft has issued an advisory warning about “consent phishing,” or application-based phishing attacks that rely on users granting permissions to malicious apps. These attacks aren’t as well-known or as obvious as credential-harvesting or email-based phishing attacks, but they can be just as dangerous. In consent phishing attacks, the user sees a pop-up from an application requesting extensive permissions. This consent screen lists all the permissions the app will receive, and many users may go on to accept the terms uncritically because they assume the app is trustworthy.