
Office 365 phishing via malicious OAuth apps

You Can Be Tricked Into Giving Access To Your Files

During the pandemic, Microsoft has seen a rise in phishing campaigns. One such campaign phishes Office 365 users through malicious OAuth apps: it attempts to trick individuals into giving a malicious Office 365 app permission to access their legitimate Office 365 account.


Open Authentication (OAuth) is an open standard protocol that allows users to give websites and applications access to their information without the use of a password or username. Popular sites that use OAuth include Google, Twitter, etc.


When granting such access, you may see something like this:




Once the malicious Office 365 app is linked to your Office 365 account, the hackers can access your private information and any other sensitive data stored in your Office 365 account. This malicious Office 365 app asks for permissions that include, but are not limited to:

  • Reading your contacts.

  • Reading your mail.

  • Reading all OneNote notebooks that you can access. 

  • Reading and writing to your mailbox settings.

  • Having full access to all files you have access to.


Microsoft has taken legal action against 6 domains that store the malicious Office 365 applications.

However, you can check the apps and services that you have given consent to access your Office 365 information.


To disable these permissions:

  1. Visit: https://account.live.com/consent/Manage?uaid=a11edb2059b64ae499fce9f494c2f53f

  2. Click Edit

  3. Click Remove these permissions
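An administrator can apply the same review to many accounts by checking each consent grant for the permissions listed above. The following is an added example, not part of the original post: it assumes grant records shaped like Microsoft Graph oauth2PermissionGrant objects (clientId, consentType, principalId, scope), maps the listed permissions to Graph scope names as an assumption, and runs on constructed sample data.

```python
# Permissions from the list above, mapped to Microsoft Graph delegated scope
# names (assumption: the post names them only in plain English).
RISKY = {
    "Contacts.Read": "read your contacts",
    "Mail.Read": "read your mail",
    "Notes.Read.All": "read all OneNote notebooks you can access",
    "MailboxSettings.ReadWrite": "read and write your mailbox settings",
    "Files.ReadWrite.All": "full access to all files you can access",
}
# Broader scopes that include a listed read permission, so an app asking for
# read/write access does not slip past the check.
SUPERSETS = {
    "Mail.ReadWrite": "Mail.Read",
    "Contacts.ReadWrite": "Contacts.Read",
    "Notes.ReadWrite.All": "Notes.Read.All",
}

def risky_scopes(scope_string):
    """Return the listed permissions covered by a space-separated scope string."""
    lookup = {name.lower(): name for name in RISKY}
    lookup.update({k.lower(): v for k, v in SUPERSETS.items()})
    # split() tolerates the leading/trailing spaces often present in scope strings
    return sorted({lookup[s.lower()] for s in scope_string.split() if s.lower() in lookup})

def audit(grants, approved_client_ids=()):
    """Flag grants to unapproved apps that carry any listed permission."""
    findings = []
    for g in grants:
        if g["clientId"] in approved_client_ids:
            continue
        hits = risky_scopes(g.get("scope") or "")
        if hits:
            findings.append({"clientId": g["clientId"], "principalId": g.get("principalId"),
                             "tenant_wide": g.get("consentType") == "AllPrincipals",
                             "scopes": hits})
    # Tenant-wide consent first, then the grants with the most listed permissions.
    findings.sort(key=lambda f: (not f["tenant_wide"], -len(f["scopes"])))
    return findings

# Constructed sample records; every identifier here is made up for illustration.
SAMPLE_GRANTS = [
    {"clientId": "app-0001", "consentType": "Principal", "principalId": "user-17",
     "scope": " Contacts.Read Mail.Read Notes.Read.All MailboxSettings.ReadWrite Files.ReadWrite.All offline_access"},
    {"clientId": "app-0002", "consentType": "Principal", "principalId": "user-22",
     "scope": "User.Read openid profile"},
    {"clientId": "app-0003", "consentType": "AllPrincipals", "principalId": None,
     "scope": "mail.readwrite User.Read"},
    {"clientId": "app-0004", "consentType": "Principal", "principalId": "user-05",
     "scope": "Files.ReadWrite.All"},
]
```

Calling `audit(SAMPLE_GRANTS, approved_client_ids={"app-0004"})` returns the two grants worth reviewing, with the tenant-wide one first.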




Source: https://www.bleepingcomputer.com/news/security/microsoft-warns-of-office-365-phishing-via-malicious-oauth-apps/


https://www.bleepingcomputer.com/news/security/phishing-attack-hijacks-office-365-accounts-using-oauth-apps/


_________________________________________________________________________

Receive any suspicious emails?


Forward it to security@umbc.edu along with the email headers. Instructions for doing so can be found at the UMBC support wiki: https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970.


Follow us on myUMBC: https://my3.my.umbc.edu/groups/itsecurity


Posted: August 18, 2020, 5:53 PM