Most phishing attacks are pretty straightforward. You receive an email that convinces you to log into a website you’re familiar with. But it’s just a convincing-looking replica of that website, and what you’re really doing is entering your credentials into a bogus site. Once you do that, the bad guys have your credentials, and depending on which ones, they can create a whole lot of havoc for you.
What if there were a way to create that same havoc without having to steal your credentials? Well, there is, and hackers are using it to phish people without having to worry about stealing their credentials. How are they doing it? Through apps on your smartphone. According to an article on Tech Republic, “In this type of phishing campaign, attackers trick people into giving a malicious app consent to access sensitive data.” And once they have access, there’s no telling what kind of havoc that can cause.
Microsoft calls this type of attack a consent phishing attack. “Today developers are building apps by integrating user and organizational data from cloud platforms to enhance and personalize their experiences. These cloud platforms are rich in data but in turn have attracted malicious actors seeking to gain unwarranted access to this data. One such attack is consent phishing, where attackers trick users into granting a malicious app access to sensitive data or other resources. Instead of trying to steal the user’s password, an attacker is seeking permission for an attacker-controlled app to access valuable data.”
Even though the hackers are not seeking your login credentials, they still need to get a malicious link in front of you to get you to grant them access permission. Instead of sending you to a malicious website that grabs your credentials, the link leads you to grant them permission to grab your data. And that malicious link is the key to stopping this phishing attack.
Email security products like Phishing Protection from DuoCircle work by sniffing out malicious links intended to send you to a phishing website. Well, that same technology can be used to sniff out malicious links that get you to grant attackers permission. How do they do that?
Almost all malicious links work by exploiting one of two techniques: domain name spoofing or display name spoofing. In other words, the link doesn’t point to where you think it does. And when a link points someplace that’s unsafe, Phishing Protection knows it and keeps you from clicking on it. So, whether it points to a phishing website or to one that asks you to grant permission, you’re protected.
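As an added illustration (not from the original article, and not a description of how Phishing Protection works internally), the Python example below reviews the links in an HTML email body with two checks: whether the visible link text names a different host than the link target, and whether the link is an OAuth consent request asking for sensitive scopes. The function names, the `RISKY_SCOPES` list and the sample email are assumptions made for this example.

```python
import re
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlsplit
# Assumption: scopes this example treats as high risk; adjust to local policy.
RISKY_SCOPES = {"mail.read", "mail.readwrite", "files.readwrite.all", "offline_access"}

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> in an HTML email body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(text):
    """Return the host if the visible text itself looks like a URL or domain."""
    m = re.match(r"^(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})(?:[/:?#]|$)", text.lower())
    return m.group(1) if m else None

def review_links(html):
    """Return [(href, [findings])] for links that deserve a second look."""
    parser = LinkCollector()
    parser.feed(html)
    report = []
    for href, text in parser.links:
        findings, url = [], urlsplit(href)
        shown, actual = host_of(text), (url.hostname or "").lower()
        # Check 1: the text names one host but the link leads to another.
        if shown and actual and shown != actual and not actual.endswith("." + shown):
            findings.append(f"text shows {shown} but link goes to {actual}")
        # Check 2: the link is an OAuth authorization (consent) request.
        query = parse_qs(url.query)
        if "client_id" in query and "scope" in query:
            asked = {s.rsplit("/", 1)[-1].lower() for s in query["scope"][0].split()}
            risky = sorted(asked & RISKY_SCOPES)
            findings.append(f"consent request by app {query['client_id'][0]}, risky scopes: {risky}")
        if findings:
            report.append((href, findings))
    return report
# Constructed sample email body; hosts and the all-zero client_id are placeholders.
SAMPLE = ('<a href="https://login.example-portal.test/signin">https://www.example.com</a>'
          '<a href="https://login.microsoftonline.com/common/oauth2/v2.0/authorize'
          '?client_id=00000000-0000-0000-0000-000000000000'
          '&amp;scope=Mail.Read%20offline_access">Open shared file</a>')
```

Calling `review_links(SAMPLE)` returns one finding per link: a host mismatch for the first, and a consent request with its risky scopes for the second.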
Hackers are only going to get more sophisticated. Smartphone apps are only going to get more popular. You have to protect yourself from all forms of phishing attacks, which now include consent phishing attacks. And one of the easiest and most affordable ways to do that is with Phishing Protection from DuoCircle.
Phishing Protection requires no hardware, no software and no maintenance. It sets up in 10 minutes, works with all major email providers and costs just pennies per user per month. Phishing Protection is the best investment cost-conscious companies can make to protect themselves from today’s most sophisticated phishing attacks. Try it free for 60 days.