【Information Security Advocacy】Do not easily grant authorization to large websites for other web applications! This may lead to credential leakage!

publish date : 2023-09-29 update date : 2024-06-03

 

Phishing attacks on the internet have evolved. Attackers are no longer just intercepting usernames and passwords; instead, they are persuading users to grant malicious applications access to their cloud services. This is known as "consent phishing attacks" where the attacker's goal is to directly grant individuals or organizations access to data.

In this type of attack, users will encounter a consent screen displaying the permissions requested by the application. Since the application is controlled by a legitimate provider, users often accept the terms without careful consideration, granting the requested permissions to the malicious application. This type of attack is more dangerous than traditional username and password phishing.

Authorize only trusted web applications to prevent such attacks!

 

  • If you notice any security anomalies on your personal computer, please report to the Computer Center promptly.
  • In case of computer infection, when viruses cannot be removed, isolated, or the system malfunctions, to prevent widespread computer virus infections and spread, disconnect the network connection first, then shut down the computer, and report to the Computer Center.

 

 

Organizer: Computer Center
Phone: 02-2908-9899
Extension: 2270