OAuth consent phishing is an attack in which a user is tricked into granting a malicious or deceptive application access to data or account capabilities through an authorization prompt. It matters because attackers may gain meaningful access without stealing a password directly.
What is OAuth Consent Phishing?
In this attack, a user is sent a link or workflow that appears to request legitimate sign-in or integration approval. Instead of capturing the password, the attacker relies on the user approving permissions for a malicious or lookalike application. If approved, the attacker may gain access to email, files, contacts, calendars, or other connected services.
This makes the attack especially dangerous in modern cloud environments that depend heavily on delegated app access.
What OAuth Consent Phishing Commonly Abuses
Common targets include enterprise productivity suites, identity-provider ecosystems, cloud storage, messaging platforms, and any app environment where users can grant delegated permissions.
OAuth Consent Phishing vs. Credential Phishing
Credential phishing tries to steal the user’s password directly. OAuth consent phishing tries to trick the user into granting application permissions, which can bypass some traditional credential-focused defenses.
Frequently Asked Questions
Why is OAuth consent phishing hard to spot?
Because the user may see a real login page and a legitimate-looking permission prompt, which makes the attack feel safer than a fake password form.
How can organizations reduce this risk?
By restricting app consent, reviewing OAuth grants, educating users, and monitoring for unusual third-party application permissions and identity behavior.
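As an added illustration of the "reviewing OAuth grants" and "monitoring for unusual third-party application permissions" steps (example code written for this page, not from the page's author or any vendor), the script below triages constructed consent-grant audit records and flags the combinations a consent-phishing grant typically shows: an unverified publisher, user-only consent, and broad scopes plus offline_access. The record fields, app names and scoring weights are assumptions; the scope strings are illustrative.

```python
# Added example: score constructed OAuth consent-grant records for
# consent-phishing patterns. Field names and weights are assumptions,
# not any identity provider's real audit schema.
from dataclasses import dataclass

# Scopes that hand an application broad or persistent access to user data.
HIGH_RISK_SCOPES = {"offline_access", "Mail.Read", "Mail.ReadWrite",
                    "Files.ReadWrite.All", "Contacts.Read", "Calendars.Read"}

@dataclass
class ConsentGrant:
    app_name: str
    publisher_verified: bool
    scopes: set
    user: str
    admin_consent: bool = False  # True when an admin approved the grant

def grant_risk(grant):
    """Return (score, reasons) describing why one grant looks suspicious."""
    score, reasons = 0, []
    risky = grant.scopes & HIGH_RISK_SCOPES
    if risky:
        score += len(risky)
        reasons.append("high-risk scopes: " + ", ".join(sorted(risky)))
    if not grant.publisher_verified:
        score += 2
        reasons.append("unverified publisher")
    if "offline_access" in grant.scopes:
        score += 2  # refresh tokens outlive the user's session
        reasons.append("offline_access grants long-lived access")
    if not grant.admin_consent:
        score += 1
        reasons.append("user consent without admin review")
    return score, reasons

def triage(grants, threshold=4):
    """Return (score, app, user, reasons) for grants at or above threshold."""
    flagged = [(s, g.app_name, g.user, r)
               for g in grants for s, r in [grant_risk(g)] if s >= threshold]
    return sorted(flagged, key=lambda x: x[0], reverse=True)

# Constructed sample records; app names and users are illustrative only.
SAMPLE_GRANTS = [
    ConsentGrant("Contoso Expense Sync", True, {"User.Read"}, "alice@example.com", True),
    ConsentGrant("Docs Viewer Pro", False,
                 {"offline_access", "Mail.Read", "Files.ReadWrite.All"}, "bob@example.com"),
    ConsentGrant("Team Calendar Helper", False, {"User.Read", "Calendars.Read"}, "carol@example.com"),
]

if __name__ == "__main__":
    for score, app, user, reasons in triage(SAMPLE_GRANTS):
        print(f"[{score}] {app} granted by {user}: {'; '.join(reasons)}")
```

Flagged grants are candidates for revoking the grant, blocking the application, and reviewing what the application accessed while the grant was active.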