This functionality is called Open Authorization (OAuth), and it grants third-party apps permission to access your information. For example, think of the ability to post Instagram photos to your Facebook or Twitter feed. You never hand the app your password; instead, after you sign in to the account provider and click Accept, the app receives a token limited to the permissions listed on the consent screen. It works great in theory, but it can create problems if abused, because that Accept button is exactly what a phisher needs you to click. Read on to see how hackers have exploited the authorization process to hijack email accounts.

Here’s the backstory

A new phishing scam has emerged that abuses the OAuth consent process, wreaking havoc for numerous businesses. Microsoft's Security Intelligence team explained that phishing emails went out to customers in an attempt to steal corporate information. The malicious emails urge recipients to grant OAuth access to a suspicious app called Upgrade. Once consent is granted, the app can read and write email, access the target's contacts and edit calendar items. It also creates inbox rules to forward or delete specific emails, a common way to hide security alerts and replies that would tip off the victim. Because the victim approves the app while already signed in to their own account, no password is stolen and multi-factor authentication does not stop the attack. Complicating matters is that the Upgrade app supposedly comes from a verified publisher, Counseling Services Yuma PC. This was discovered by a self-described phish hunter on Twitter, who reported it to Microsoft. Previous abuse of the OAuth platform led Google to implement stricter verification requirements for developers a few years ago.

What you can do about it

You might receive a similar phishing email if you or your company is an Office 365 customer. Microsoft deactivated the app in Azure AD and alerted affected customers. Still, copycat campaigns are easy to mount, so there are a few things you can do to stay safe online:

- Never grant OAuth access to unknown apps or programs, and read the permissions listed on the consent screen before clicking Accept. A verified publisher badge confirms who registered the app, not that the app is safe.
- Don't download attachments from unsolicited emails. Phishing emails mimic legitimate senders and are relatively easy to spoof.
- Contact your IT administrator to verify the app if you receive an OAuth request through your company email.
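If you are the administrator on the other end of that request, the following PowerShell audit is an added example and not code from the article or from Microsoft. It lists every delegated OAuth consent grant in the tenant that includes mail, contact, calendar or mailbox-settings permissions, resolves each grant to the app and its publisher, optionally revokes grants for app IDs you name, and then checks mailboxes for inbox rules that forward or delete messages, which is the behaviour described above. It assumes the Microsoft.Graph and ExchangeOnlineManagement modules are installed and that the signed-in account has read access to the directory and to Exchange Online. The scope list is a generic high-risk set, not the actual permissions of the Upgrade app, and the -RevokeAppIds parameter is a hypothetical option of this script.

```powershell
# Added example, not code from the article or from Microsoft.
# Audits delegated OAuth consent grants for mailbox-level permissions and
# checks inbox rules for forwarding/deletion. Requires the Microsoft.Graph and
# ExchangeOnlineManagement modules and an account with read access to the
# directory and Exchange Online (e.g. Global Reader plus View-Only Recipients).
param(
    # Assumption: a generic list of high-risk delegated scopes, not the exact
    # permissions requested by the "Upgrade" app mentioned in the article.
    [string[]]$RiskyScopes = @('Mail.Read', 'Mail.ReadWrite', 'Mail.Send',
                               'Contacts.Read', 'Contacts.ReadWrite',
                               'Calendars.ReadWrite', 'MailboxSettings.ReadWrite'),
    # Hypothetical parameter of this script: application (client) IDs whose
    # user consent grants should be deleted after you have reviewed the table.
    [string[]]$RevokeAppIds = @()
)

Connect-MgGraph -Scopes 'Application.Read.All', 'Directory.Read.All',
                        'User.Read.All', 'DelegatedPermissionGrant.ReadWrite.All'

# Cache service principals so each grant can be resolved to an app name and publisher.
$sps = @{}
Get-MgServicePrincipal -All | ForEach-Object { $sps[$_.Id] = $_ }

$findings = foreach ($grant in Get-MgOauth2PermissionGrant -All) {
    $hits = ($grant.Scope -split ' ') | Where-Object { $RiskyScopes -contains $_ }
    if (-not $hits) { continue }
    $sp = $sps[$grant.ClientId]

    # ConsentType 'Principal' is one user's own consent, which is what consent
    # phishing produces; 'AllPrincipals' is tenant-wide admin consent.
    $consentedBy = 'all users (admin consent)'
    if ($grant.ConsentType -eq 'Principal') {
        $consentedBy = (Get-MgUser -UserId $grant.PrincipalId).UserPrincipalName
    }

    # A verified publisher badge only says who registered the app; it does not
    # vouch for what the app does with the permissions it was granted.
    $publisher = 'unverified'
    if ($sp.VerifiedPublisher.DisplayName) { $publisher = $sp.VerifiedPublisher.DisplayName }

    [pscustomobject]@{
        GrantId     = $grant.Id
        App         = $sp.DisplayName
        AppId       = $sp.AppId
        Publisher   = $publisher
        ConsentedBy = $consentedBy
        PrincipalId = $grant.PrincipalId
        Scopes      = ($hits -join ' ')
    }
}
$findings | Sort-Object App, ConsentedBy |
    Format-Table GrantId, App, AppId, Publisher, ConsentedBy, Scopes -AutoSize

# Revocation: only user-level grants for the app IDs explicitly passed in.
foreach ($f in $findings | Where-Object { $RevokeAppIds -contains $_.AppId -and $_.PrincipalId }) {
    # Deleting the grant stops new tokens being issued to the app for this user;
    # revoking the user's sign-in sessions invalidates refresh tokens it already holds.
    Remove-MgOauth2PermissionGrant -OAuth2PermissionGrantId $f.GrantId
    Revoke-MgUserSignInSession -UserId $f.PrincipalId | Out-Null
}

# Inbox rules that forward, redirect or delete mail are the persistence the
# article describes; they stay in place even after the app's access is revoked.
Connect-ExchangeOnline -ShowBanner:$false
Get-Mailbox -ResultSize Unlimited -RecipientTypeDetails UserMailbox | ForEach-Object {
    Get-InboxRule -Mailbox $_.UserPrincipalName | Where-Object {
        $_.ForwardTo -or $_.ForwardAsAttachmentTo -or $_.RedirectTo -or $_.DeleteMessage
    }
} | Format-Table MailboxOwnerId, Name, Enabled, ForwardTo, RedirectTo, DeleteMessage -AutoSize
```

Run it once with no parameters to get the two tables, then rerun with -RevokeAppIds for the specific application IDs you have confirmed are malicious; revoking every grant that merely carries a mail scope would also knock out legitimate clients such as mobile mail apps. Any inbox rule the second table shows should be removed with Remove-InboxRule after confirming the mailbox owner did not create it.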
