The dangers of consent phishing for Office 365 users and how to protect your data

In the last few months, as a result of the pandemic, a record number of businesses have switched to remote working, using cloud technology such as Office 365 to ensure that they can operate fully with the majority, if not all key staff working from home rather than in the office. However, despite the many benefits of the shift to remote working, it has also exposed businesses to further security threats, for example, consent phishing attacks. 

What is consent phishing? 

When a cyber criminal baits users via email, asking you to provide information in order for them to be able to access and obtain login information and valuable data, the technical term given to this kind of attack is phishing. In contrast with traditional phishing where cyber criminals aim to steal user credentials, consent phishing is where attackers trick users into agreeing to grant a malicious app access to sensitive data.  

With so many people now working remotely via cloud systems, consent phishing attacks have increased considerably, with attackers targeting Office 365 accounts in order to gain access to a user’s emails, sensitive files, contacts, profiles and other sensitive information stored within a company’s cloud accounts (for example, SharePoint or OneDrive). 

Malicious web apps are designed to appear legitimate and are registered with OAuth 2.0 providers, so as to trick more users. When a user accepts a request to grant a malicious app consent to access their Office 365 account, the attacker can then access sensitive information, which can be disastrous for businesses and individuals 

Protection from consent phishing 

Due to the sophisticated nature of phishing emails and consent phishing applications in 2020, they can be very difficult for untrained individuals to spot. To protect your business and employees from phishing attacks, we recommend that you invest in anti-phishing and Office 365 security services.  

As remote working continues to be a norm for modern businesses, at Matrix IT, our experts are on hand to prevent phishing attacks via our spear phishing protection services. Using the latest in artificial intelligence technology and behavioural learning, we are able to identify phishing attacks. We also provide SPAM protection to help remove malicious emails and compromising links from your inbox. 

By providing these anti-phishing services, we help businesses to keep their data safe and sound. In addition to this, preventing phishing attacks also helps to cut out the downtime that can be associated with cyber attacks, helping to ensure that businesses remain efficient. 

Anti-phishing services in Fareham and Hampshire 

All kinds of phishing attacks have the potential to be extremely damaging for a business. For more information on anti-phishing services, please call Matrix IT today on +44 (0) 1329 888 444, or email us here.