Consent Phishing
Consent phishing tricks a user into granting a malicious OAuth app access to their Google Workspace or Microsoft 365 account. No password is stolen, MFA is unaffected, and the attacker holds the mailbox.
Consent phishing is an attack where the victim is tricked into granting a malicious application OAuth permissions to their account, giving the attacker legitimate, token-based access to mail, files and calendars without ever stealing a password. It defeats MFA by design, because the victim personally approves the access.
Key facts
- The attack abuses OAuth, the standard "Sign in with / Allow access" mechanism in Google Workspace and Microsoft 365.
- Password changes and MFA do not end the attack; the granted token keeps working until the grant itself is revoked.
- Malicious apps increasingly impersonate popular AI tools, riding the shadow AI adoption wave into corporate accounts.
How the attack works
- The attacker registers an app with a plausible name and icon ("PDF Viewer Pro", "AI Email Assistant").
- A phishing email or link asks the victim to connect it: the consent screen is Google's or Microsoft's own, genuine and reassuring.
- The victim clicks Allow on scopes like "Read your mail" or "Access your files".
- The attacker now holds a valid token: silent mailbox access for reconnaissance, thread hijacking for business email compromise, data theft, or lateral phishing sent as the victim.
The dangerous part is step 3: every visual trust signal is real. The page is authentic, the padlock is valid; only the app behind it is hostile.
Why traditional defenses miss it
There is no malicious attachment, no credential harvesting page, and no failed login to alert on. The access is technically legitimate, granted through the platform's own front door, and persists quietly in a list of connected apps that few organizations review. This is the same visibility gap that lets shadow IT accumulate, weaponized.
How to defend
Restrict user consent in Google Admin and Microsoft Entra (require admin approval for unverified apps or sensitive scopes), review existing OAuth grants and revoke what nobody recognizes, train employees that a genuine consent screen is not proof of a genuine app, and monitor continuously for new grants, because one click restores the risk.
How Sentaro stops consent phishing
Sentaro's App Intelligence layer watches the OAuth layer of Google Workspace and Microsoft 365: consent phishing lures are blocked in mail flow, new grants are surfaced with their scopes, and lookalike apps impersonating known brands or AI tools are flagged before access is approved, the same layer that gives you shadow IT discovery.
FAQ
What is consent phishing in simple terms?
Instead of stealing your password, the attacker tricks you into clicking Allow on a malicious app's permission request. The app then has real access to your mail or files, and MFA does not help because you approved it.
Why doesn't changing my password stop it?
The attacker holds an OAuth token, not your password. Access ends only when the app's grant is revoked in your Google or Microsoft account settings or by an admin.
How do I check what apps have access to my account?
In Google: Security > Third-party apps with account access (admins: API controls > App access control). In Microsoft 365: Entra admin center > Enterprise applications, or myapps.microsoft.com for individual users.
How common is consent phishing?
It has grown steadily since platforms hardened password attacks with MFA, and both Microsoft and Google have repeatedly warned about waves of it. Attackers follow the path of least resistance, and permissions are now often easier to steal than passwords.
Is consent phishing related to shadow AI?
Directly: employees are being trained by the AI boom to connect new tools to their accounts, and attackers exploit exactly that habit with fake AI apps requesting broad scopes.