Published January 27, 2022
Author: Ash Khan

Users of Office 365 may be in danger. Microsoft has issued a notice to Office 365 subscribers, stating on Twitter that a possibly hazardous application, presently known as Upgrade, is spreading through phishing emails sent to thousands of Office 365 customers. According to Microsoft, the email asks users to grant OAuth permissions to set inbox rules, write emails, read emails, and create calendar items. It also requests access to read your contacts.

Concerns about the emails stem from criminal actors' prior exploitation of OAuth services to obtain access to users' accounts. Because the email being circulated misleads users into granting the permissions, Microsoft Security Intelligence is worried that granting them might result in harmful activity on your account.

This is yet another case of consent phishing. Consent phishing occurs when hackers use authorization request screens to trick users into granting access tokens to their accounts. As a result, the hacker gains access to account data from the associated applications. Even if this does not give the attacker complete access to the account, it may allow the attacker to create rules that send emails to their own accounts, enabling them to carry the attack over to other sites in the long term.

If you wish to prevent consent phishing schemes such as this one, you should always be mindful of where permission requests originate. Also, try to minimize the number of third-party programs that have access to your accounts.

Allowing any third-party software access to your email, especially with several of the permissions requested by this Office 365 hoax, might allow hackers to gain access to other accounts by redirecting password reset emails and other crucial security alerts away from your primary inbox. You may also check the email address that sends these authorization requests to see whether it is legitimate.
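One way to act on the advice above, as an added example that is not part of the original article: a Python audit that flags OAuth grants holding the permissions this email requests. The Microsoft Graph scope names are an assumed mapping of those permissions, and the grant records and app names are constructed samples shaped like Graph `oauth2PermissionGrant` objects.

```python
# Added example, not from the article. Scope names are an assumed mapping of the
# permissions the article lists onto Microsoft Graph delegated scopes.
RISKY = {
    "mailboxsettings.readwrite": "set inbox rules",
    "mail.readwrite": "read and write emails",
    "mail.read": "read emails",
    "calendars.readwrite": "create calendar items",
    "contacts.read": "read contacts",
}
MAIL_READ = {"mail.read", "mail.readwrite"}
RULES = "mailboxsettings.readwrite"

# Constructed records shaped like Graph oauth2PermissionGrant objects.
SAMPLE_GRANTS = [
    {"clientId": "app-001", "consentType": "Principal", "principalId": "user-17",
     "scope": " openid profile Mail.ReadWrite MailboxSettings.ReadWrite Calendars.ReadWrite Contacts.Read"},
    {"clientId": "app-002", "consentType": "AllPrincipals", "principalId": None,
     "scope": "openid profile User.Read"},
    {"clientId": "app-003", "consentType": "Principal", "principalId": "user-04",
     "scope": "Calendars.ReadWrite offline_access"},
]
# Hypothetical display names, as a service principal lookup would return them.
SAMPLE_APPS = {"app-001": "Upgrade", "app-002": "Expense Tool", "app-003": "Room Booker"}


def audit_grants(grants, apps):
    """Return findings for grants holding any scope the article warns about."""
    findings = []
    for g in grants:
        scopes = {s.casefold() for s in g.get("scope", "").split()}
        hits = sorted(scopes & RISKY.keys())
        if not hits:
            continue
        # Reading mail plus writing inbox rules enables silent forwarding of
        # password-reset and security-alert emails, the risk the article describes.
        high = RULES in scopes and bool(scopes & MAIL_READ)
        findings.append({
            "app": apps.get(g["clientId"], "<unknown app>"),
            "who": g.get("principalId") or "all users (admin consent)",
            "severity": "high" if high else "review",
            "abilities": [RISKY[h] for h in hits],
        })
    return sorted(findings, key=lambda f: f["severity"] != "high")


if __name__ == "__main__":
    for f in audit_grants(SAMPLE_GRANTS, SAMPLE_APPS):
        print(f"[{f['severity']}] {f['app']} for {f['who']}: {', '.join(f['abilities'])}")
```

Grants marked `high` are the ones to revoke or investigate first; `review` grants hold only one of the listed permissions.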

After a Twitter user discovered the application, Microsoft removed it and notified any impacted users. If you use Microsoft Office 365, be wary of any email asking you to grant OAuth access, or any other permissions, that you do not recognize.
