Glossary
Consent Phishing
An attack pattern where users are tricked into granting OAuth permissions to a malicious application.
Consent phishing (also called OAuth phishing or illicit consent grant) is an attack pattern in which attackers trick users into granting OAuth permissions to a malicious application. The user clicks a link and sees a genuine Microsoft sign-in page asking them to allow an app with an innocuous-sounding name to "Read your mail, Read contacts, Send mail as you", then clicks Accept. The attacker now has API-level access to the user's mailbox through the granted token, without ever needing the user's password or MFA. It is mitigated by restricting user consent in the Entra ID admin centre (users can consent only to low-risk permissions; everything else requires admin consent), by Defender for Cloud Apps alerting on suspicious OAuth grants, and by user awareness training about consent prompts.
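As an added illustration of the detection side (not part of the original glossary), the triage below scores OAuth permission grants against the same policy the entry describes: a user-consented grant that reaches beyond a low-risk scope list, asks for mailbox scopes, and comes from an app with no verified publisher is the consent-phishing pattern. The record shape mirrors Microsoft Graph `oauth2PermissionGrant` objects joined with the app's display name and a verified-publisher flag; the low-risk scope list and the sample grants are constructed assumptions, not tenant data.

```python
# Added example: triage OAuth2 permission grants for consent-phishing indicators.
# Record fields follow Microsoft Graph oauth2PermissionGrant (clientId, consentType,
# principalId, resourceId, scope) joined with the client app's displayName and a
# verifiedPublisher flag. All sample records below are constructed.

# Delegated permissions this (assumed) tenant policy lets users consent to themselves.
LOW_RISK_SCOPES = {"openid", "profile", "email", "offline_access", "User.Read"}

# Scopes that hand an app the mailbox access consent phishing is after.
MAILBOX_SCOPES = {"Mail.Read", "Mail.ReadWrite", "Mail.Send",
                  "Contacts.Read", "MailboxSettings.ReadWrite"}

def grant_findings(grant):
    """Return a list of indicator strings for one permission grant."""
    scopes = set(grant["scope"].split())
    findings = []
    # consentType "Principal" = a single user consented; "AllPrincipals" = admin consent.
    if grant["consentType"] == "Principal":
        beyond_policy = scopes - LOW_RISK_SCOPES
        if beyond_policy:
            findings.append("user consent outside low-risk policy: "
                            + " ".join(sorted(beyond_policy)))
    if scopes & MAILBOX_SCOPES:
        findings.append("mailbox scopes: " + " ".join(sorted(scopes & MAILBOX_SCOPES)))
    if not grant.get("verifiedPublisher", False):
        findings.append("client app has no verified publisher")
    return findings

def triage(grants, min_findings=2):
    """Return {appDisplayName: findings} for grants with at least min_findings indicators."""
    flagged = {}
    for g in grants:
        f = grant_findings(g)
        if len(f) >= min_findings:
            flagged[g["appDisplayName"]] = f
    return flagged

SAMPLE_GRANTS = [  # constructed sample data
    {"appDisplayName": "Contoso Expense Portal", "clientId": "app-1", "consentType": "Principal",
     "principalId": "user-1", "resourceId": "graph", "scope": "openid profile User.Read",
     "verifiedPublisher": True},
    {"appDisplayName": "Office365 Mail Sync", "clientId": "app-2", "consentType": "Principal",
     "principalId": "user-2", "resourceId": "graph",
     "scope": "Mail.Read Contacts.Read Mail.Send offline_access", "verifiedPublisher": False},
    {"appDisplayName": "Corporate Mail Archiver", "clientId": "app-3", "consentType": "AllPrincipals",
     "principalId": None, "resourceId": "graph", "scope": "Mail.Read", "verifiedPublisher": True},
]

if __name__ == "__main__":
    for app, findings in triage(SAMPLE_GRANTS).items():
        print(app, "->", findings)
```

In a live tenant the same records come from the `oauth2PermissionGrants` and `servicePrincipals` Graph endpoints; the admin-consented archiver is surfaced for review only if you lower `min_findings` to 1.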