Beware of a new type of phishing attack that’s tricking recipients into granting ongoing access to their email accounts. Most recently seen on May 3 in the form of a fake Google Doc app, the new credential phishing technique bypasses all the typical red flags like spoofed links, sign-in requests, and attached files that ordinarily warn users to be cautious. Instead, it sends users an Open Authentication permission request for a trusted and authorized application. Worse yet, changing passwords isn’t enough to block the attack or kick out the attacker.
This is a new level of sophistication in phishing attacks, and one every organization should be aware of. Contact us about our phishing education programs to find out how to recognize it and what to do to counter it.