Microsoft warns about this phishing attack that wants to read your emails

Jan, 25, 2022 Hi-network.com

Microsoft is warning that Office 365 customers are receiving phishing emails that aim to trick them into giving OAuth permissions to a bogus app that then lets attackers read and write emails.  

Microsoft's Security Intelligence team warned this week that attackers are sending the OAuth phishing emails to "hundreds" of Office 365 customers. 

The potentially malicious app, dubbed 'Upgrade', asks users to grant it OAuth permissions that would allow attackers to create inbox rules, read and write emails and calendar items, and read contacts, according to Microsoft Security Intelligence. 

Targets see Microsoft's standard consent prompt listing the permissions the app requests, such as reading and writing files, reading calendars and so forth. Because that prompt is served by Microsoft's own sign-in service rather than an attacker-controlled page, checking the URL for a counterfeit login site, the usual advice against credential phishing, does not help here; the only tell is the app's name, publisher and the scope of what it asks for.

OAuth 2.0 is the delegated-authorization standard supported by cloud and identity providers including Google, Twitter, Facebook and Microsoft. It lets a user grant a third-party app scoped access to their account data without ever sharing their password: the user approves a list of permissions at the provider, and the app receives an access token (and usually a refresh token) that it presents to the provider's APIs on the user's behalf.

OAuth has been abused by attackers in the past, and this trend forced Google to introduce stricter verification requirements for developers who use it to connect to Google apps.

"The phishing messages mislead users into granting the app permissions that could allow attackers to create inbox rules, read and write emails and calendar items, and read contacts. Microsoft has deactivated the app in Azure AD and has notified affected customers," Microsoft said in a tweet. 

Twitter user and threat hunter @ffforward reported the OAuth phishing campaign to Microsoft. The Upgrade app was listed as coming from the verified publisher Counseling Services Yuma PC, according to @ffforward. The same Upgrade app had previously been offered to Office 365 users via an unverified publisher account. The verified-publisher badge confirms only that Microsoft has checked the publisher's identity, not that the app itself is benign, so it should not be treated as a trust signal on its own.

Microsoft recently said consent-phishing emails or "illicit consent grants" that abuse OAuth requests have steadily increased over the past few years.  

Consent phishing is an alternative for attackers to credential phishing. Instead of capturing passwords with fake login pages, attackers use genuine OAuth permission request screens to lure victims into granting their app access tokens that give the attacker the victim's data in connected apps. The victim signs in legitimately with the identity provider, such as Microsoft or Google, so the attacker never sees the password; what the attacker's app receives is a token scoped to whatever permissions the victim approved. Despite lacking a password, the attacker can still do things like create an inbox rule that forwards the target's email to an attacker-controlled account, laying the groundwork for future attacks. The consent grant also persists until it is revoked, so remediation means removing the grant and the app from the tenant, not only resetting the user's password.

"In most cases, consent phishing attacks do not involve password theft, as access tokens don't require knowledge of the user's password, yet attackers are still able to steal confidential data and other sensitive information. Attackers can then maintain persistence in the target organization and perform reconnaissance to further compromise the network," Microsoft noted. 
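The two indicators the article describes, a per-user consent grant to an unfamiliar app holding mail, mailbox-settings, calendar and contact scopes, and an inbox rule forwarding mail to an external address, are both visible to an administrator in tenant exports. The triage logic below is an added example for this article, not Microsoft's code or tooling. The record shapes approximate the Microsoft Graph oauth2PermissionGrant resource (clientId, consentType, principalId, scope) and the main properties of an Exchange Online inbox rule (Name, Enabled, ForwardTo, RedirectTo, DeleteMessage); the identifiers, addresses, domains and the approved-app allowlist are constructed sample data, and only the app name "Upgrade" comes from the article.

```python
"""Triage OAuth consent grants and inbox rules for consent-phishing indicators.

Added example, not Microsoft's code. Record fields approximate Microsoft Graph
oauth2PermissionGrant objects and Exchange Online inbox rules; all identifiers,
addresses and domains below are constructed sample data.
"""

# Delegated Graph scopes that together give an attacker the reach the article
# describes: read/write mail, manage inbox rules (MailboxSettings), calendars, contacts.
HIGH_RISK_SCOPES = {
    "Mail.Read", "Mail.ReadWrite", "Mail.Send", "MailboxSettings.ReadWrite",
    "Calendars.ReadWrite", "Contacts.Read", "Contacts.ReadWrite",
}

# Constructed sample of a Graph oauth2PermissionGrants export, with the service
# principal's display name joined in for readability (it lives on a separate object).
SAMPLE_GRANTS = [
    {"clientId": "sp-0001", "displayName": "Upgrade", "consentType": "Principal",
     "principalId": "user-42",
     "scope": "offline_access openid Mail.ReadWrite MailboxSettings.ReadWrite "
              "Calendars.ReadWrite Contacts.Read"},
    {"clientId": "sp-0002", "displayName": "Corporate CRM Connector",
     "consentType": "AllPrincipals", "principalId": None,
     "scope": "User.Read Mail.Read"},
    {"clientId": "sp-0003", "displayName": "Whiteboard", "consentType": "Principal",
     "principalId": "user-7", "scope": "User.Read"},
]

# Constructed sample inbox rules, simplified from what Get-InboxRule returns.
SAMPLE_RULES = [
    {"Mailbox": "user-42@example.org", "Name": ".", "Enabled": True,
     "ForwardTo": ["drop@attacker.example"], "RedirectTo": [], "DeleteMessage": True},
    {"Mailbox": "user-7@example.org", "Name": "Invoices", "Enabled": True,
     "ForwardTo": ["ap@example.org"], "RedirectTo": [], "DeleteMessage": False},
    {"Mailbox": "user-9@example.org", "Name": "old", "Enabled": False,
     "ForwardTo": [], "RedirectTo": ["me@personal.example"], "DeleteMessage": False},
]


def risky_scopes(grant):
    """Return the high-risk subset of a grant's space-separated scope string, sorted."""
    return sorted(set(grant["scope"].split()) & HIGH_RISK_SCOPES)


def triage_grants(grants, approved_client_ids):
    """Flag grants to apps outside the allowlist that hold any high-risk scope.

    A per-user ('Principal') grant to an unapproved app with mail scopes is the
    signature of an illicit consent grant. Admin-wide ('AllPrincipals') grants are
    reported too, since they are worth a separate review, but are usually sanctioned.
    """
    findings = []
    for g in grants:
        if g["clientId"] in approved_client_ids:
            continue
        scopes = risky_scopes(g)
        if scopes:
            findings.append({
                "clientId": g["clientId"], "app": g["displayName"],
                "consentType": g["consentType"], "principalId": g["principalId"],
                "riskyScopes": scopes,
            })
    return findings


def _domain(address):
    """Domain part of an SMTP address, lower-cased for comparison."""
    return address.rsplit("@", 1)[-1].lower()


def suspicious_forwarding(rules, internal_domains):
    """Flag inbox rules that forward or redirect mail outside the organisation.

    Forwarding to an external address combined with DeleteMessage (so the victim
    never sees the original) is rated high; a disabled rule is still reported, at
    low severity, because an attacker holding a token can simply re-enable it.
    """
    internal = {d.lower() for d in internal_domains}
    findings = []
    for r in rules:
        external = [a for a in r["ForwardTo"] + r["RedirectTo"]
                    if _domain(a) not in internal]
        if not external:
            continue
        if r["Enabled"] and r["DeleteMessage"]:
            severity = "high"
        elif r["Enabled"]:
            severity = "medium"
        else:
            severity = "low"
        findings.append({"mailbox": r["Mailbox"], "rule": r["Name"],
                         "external": external, "severity": severity})
    return findings


if __name__ == "__main__":
    for f in triage_grants(SAMPLE_GRANTS, approved_client_ids={"sp-0002"}):
        print("consent grant:", f)
    for f in suspicious_forwarding(SAMPLE_RULES, internal_domains={"example.org"}):
        print("inbox rule:", f)
```

Run against the constructed data, the "Upgrade" grant is the only consent finding once the CRM connector is allowlisted, and two rules are reported: the enabled forward-and-delete rule to attacker.example at high severity and the disabled redirect at low. In a real tenant the inputs would come from a Graph export of oauth2PermissionGrants and from Exchange Online inbox-rule output rather than the inline samples, and the allowlist should be the set of service principals the organisation has actually reviewed.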
