What is Permission Phishing?

‘Permission Phishing’ or ‘Consent Phishing’: when hackers phish by stealing permissions instead of credentials.

Permission Phishing

‘Permission phishing’ is aimed at stealing permissions, not passwords. The apps seeking permission appear harmless, but once permissions are granted, they can wreak havoc and give access to hoards of sensitive data.

In simple words, a hacker leads you to an app that asks you to grant permissions. Once permissions are granted, all underlying data and your authorisation are available to the hacker instantly, and they remain available for as long as the token or permission stays available to the hacker.

Microsoft described this technique in a blog post. It exploits the widely used authorization technology OAuth 2.0.
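To make the defensive side concrete, here is an added example (not from the original post or from Microsoft) that triages OAuth 2.0 consent grants and flags the ones that combine data access with long-lived tokens. The record fields, app names, users and scoring weights are assumptions; the scope names are Microsoft Graph delegated permissions chosen for illustration.

```python
# Added example: triage OAuth 2.0 consent grants for consent-phishing risk.
# Delegated scopes that expose mailbox, file or contact data (Microsoft Graph names).
DATA_SCOPES = {
    "Mail.Read", "Mail.ReadWrite", "Mail.Send",
    "Files.Read.All", "Files.ReadWrite.All", "Contacts.Read",
}
# offline_access yields a refresh token, so access outlives the sign-in session.
PERSISTENCE_SCOPE = "offline_access"

def review_grant(grant):
    """Return (score, reasons) for one consent grant record (weights are assumptions)."""
    scopes = set(grant["scopes"].split())
    data = sorted(scopes & DATA_SCOPES)
    score, reasons = 0, []
    if data:
        score += 2
        reasons.append("data access: " + ", ".join(data))
    if data and PERSISTENCE_SCOPE in scopes:
        score += 2
        reasons.append("refresh token keeps access alive until consent is revoked")
    if data and not grant["publisher_verified"]:
        score += 1
        reasons.append("unverified publisher")
    return score, reasons

def triage(grants, threshold=3):
    """Return grants at or above threshold, highest score first."""
    flagged = []
    for g in grants:
        score, reasons = review_grant(g)
        if score >= threshold:
            flagged.append({"app": g["app"], "user": g["user"],
                            "score": score, "reasons": reasons})
    return sorted(flagged, key=lambda f: f["score"], reverse=True)

# Constructed sample grants (not real applications or users).
SAMPLE_GRANTS = [
    {"app": "Contoso Timesheets", "user": "alice", "publisher_verified": True,
     "scopes": "openid profile User.Read"},
    {"app": "Doc Viewer Pro", "user": "bob", "publisher_verified": False,
     "scopes": "openid offline_access Mail.Read Files.ReadWrite.All"},
    {"app": "Calendar Helper", "user": "carol", "publisher_verified": True,
     "scopes": "Mail.Send offline_access"},
]

if __name__ == "__main__":
    for f in triage(SAMPLE_GRANTS):
        print(f["score"], f["app"], f["user"], "; ".join(f["reasons"]))
```

Any grant this flags should be reviewed and, if unrecognised, have its consent revoked, since changing the user's password does not invalidate the permission.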

Want to learn more about Consent Phishing or Permission Phishing? Head on over to the great folks at HumanFirewall.io for a free security training or a free phishing simulation for your employees.
