
Phishing & Social EngineeringThreat Intelligence
Consent Phishing: Malicious OAuth Apps That Bypass MFA
Consent phishing tricks users into approving a malicious OAuth app — granting attackers token-based access to mail and files without ever touching a password or triggering MFA. Here is how it works and how to shut it down.
Marcus Chen·6/23/2026·6 min read