Consent Phishing Definition: Consent phishing tricks users into authorizing a malicious OAuth app, granting attackers persistent token-based access without stealing passwords.
Consent phishing, also called illicit consent grant or OAuth phishing, is an attack in which a victim is tricked into authorizing a malicious OAuth application that requests access permissions to their account data. Because the victim grants the app a legitimate access token through the real identity provider, the attacker gains persistent API access to email, files, or other resources without ever capturing the password or MFA code. Defenses include restricting third-party app consent, admin approval workflows, and monitoring for risky OAuth grants.
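The "monitoring for risky OAuth grants" defense above, as an added example that is not part of the original glossary entry: a small triage routine run over constructed consent-grant records. The record fields, the high-risk scope list, and the sample app names are assumptions for illustration; the scope names follow the Microsoft Graph naming style but the rules are not taken from any product.

```python
from dataclasses import dataclass

# Scopes that give durable, broad access. offline_access yields a refresh token,
# which is what lets a single consent grant persist long after the click.
# This list is an assumption for the example, not a vendor-published one.
HIGH_RISK_SCOPES = {
    "offline_access", "Mail.Read", "Mail.ReadWrite", "Mail.Send",
    "Files.Read.All", "Files.ReadWrite.All", "Contacts.Read",
}

@dataclass
class ConsentGrant:
    """One consent event as it might appear in an identity provider's audit log (assumed schema)."""
    app_name: str
    publisher_verified: bool
    scopes: list
    consent_type: str  # "user" (self-service consent) or "admin" (approved by an administrator)

def assess_grant(grant: ConsentGrant) -> list:
    """Return the reasons a grant looks like an illicit consent; an empty list means low risk."""
    reasons = []
    if not grant.publisher_verified:
        reasons.append("unverified publisher")
    risky = sorted(s for s in grant.scopes if s in HIGH_RISK_SCOPES)
    if risky:
        reasons.append("high-risk scopes: " + ", ".join(risky))
        if grant.consent_type == "user":
            # Self-service consent to broad scopes is the pattern consent phishing relies on;
            # an admin approval workflow would have routed this for review instead.
            reasons.append("user self-consent to high-risk scopes; route to admin approval")
    return reasons

def flag_risky_grants(grants: list) -> dict:
    """Map app name -> reasons for every grant that has at least one reason."""
    flagged = {}
    for g in grants:
        reasons = assess_grant(g)
        if reasons:
            flagged[g.app_name] = reasons
    return flagged

# Constructed sample records; the app names are made up for this example.
SAMPLE_GRANTS = [
    ConsentGrant("Contoso Expense Reports", True, ["User.Read"], "user"),
    ConsentGrant("Mail Backup Helper", False, ["offline_access", "Mail.ReadWrite", "User.Read"], "user"),
    ConsentGrant("HR Portal", True, ["Files.Read.All"], "admin"),
]

if __name__ == "__main__":
    for app, reasons in flag_risky_grants(SAMPLE_GRANTS).items():
        print(app, "->", "; ".join(reasons))
```

The second record is the textbook consent-phishing shape: an unverified app, a refresh-token scope plus mailbox access, granted by the user alone.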
Consent Phishing is one of the topics you'll master in the Security+ Boot Camp.