Phishing attacks on the internet have evolved. Attackers are no longer just intercepting usernames and passwords; instead, they are persuading users to grant malicious applications access to their cloud services. This is known as "consent phishing attacks" where the attacker's goal is to directly grant individuals or organizations access to data.
In this type of attack, users will encounter a consent screen displaying the permissions requested by the application. Since the application is controlled by a legitimate provider, users often accept the terms without careful consideration, granting the requested permissions to the malicious application. This type of attack is more dangerous than traditional username and password phishing.
Authorize only trusted web applications to prevent such attacks!