Microsoft’s Verified Publisher Status Misused in Email Theft Campaign

Microsoft's Verified Publisher Status Misused in Email Theft Campaign

Microsoft and cybersecurity company Proofpoint issued a warning to companies using cloud services about a recent campaign involving malicious OAuth applications and the abuse of Microsoft’s “verified publisher” status.

Those targeted by the campaign were primarily Microsoft customers in the UK and Ireland. The tech giant has taken action to thwart the scheme and has written an article on how users can safeguard themselves against these threats, which it refers to as “consent phishing.” A threat actor tries to trick a target user into giving permission to one of their malicious cloud applications in a consent phishing attack.

The malicious apps can access legitimate cloud services and user data once they have the necessary permissions. Microsoft claims that the attackers registered for the Microsoft Cloud Partner Program under the guise of legitimate businesses.

Read More: Microsoft’s Verified Publisher Status Abused in Email Theft Campaign

For more such updates follow us on Google News ITsecuritywire News. Please subscribe to our Newsletter for more updates.