#consent phishing

Security awareness tips, industry news, and product updates.

Employee reviewing an application permission request on a laptop screen
Phishing & Social EngineeringThreat Intelligence

Consent Phishing: Malicious OAuth Apps That Bypass MFA

Consent phishing tricks users into approving a malicious OAuth app — granting attackers token-based access to mail and files without ever touching a password or triggering MFA. Here is how it works and how to shut it down.

Marcus Chen·6/23/2026·6 min read