Consent phishing is an application-based cyberattack in which the attacker uses a malicious app to request the victim’s permission to access sensitive data stored in their device’s cloud service.


How does consent phishing work?

  1. An attacker registers an app with a third-party provider.
  2. The app is designed to seem trustworthy, for example by using the name of a popular product in the market.
  3. The attacker sends the app’s download link to the targets through email-based phishing.
  4. Unsuspecting users download and install the app using the link. On first run, the app prompts for malicious permissions that give it access to the cloud storage of the device.
  5. Once the user grants the permissions, the attacker gains access to the sensitive data stored in the cloud.

We recommend the following tips:

  • Always use multi-factor authentication for your device and apps.
  • Download apps only from trusted application stores such as the Google Play Store and App Store.
  • Remember to check the ratings and reviews of an app before downloading.
  • Thoroughly review all permission prompts before agreeing to them.
  • Always check for spelling and grammatical errors in an email or on the application’s consent screen. An application with such errors is likely to be suspicious.
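
The review of a permission prompt described in the tips above can be partly automated. The following is an added example, not part of the original page: it flags a consent request whose app name imitates a known product, that asks for cloud storage access, or that arrived through an email link. The record fields, permission labels, product list and sample requests are all constructed assumptions.

```python
import difflib

# Constructed allow-list: product names mapped to their real publisher (assumption).
KNOWN_PRODUCTS = {"cloud drive": "Example Corp", "mail sync": "Example Corp"}
# Hypothetical permission labels that expose cloud-stored data.
SENSITIVE = {"cloud_storage.read", "cloud_storage.write"}
# Character swaps commonly used to make a fake name look familiar.
SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "-": " ", "_": " "})

def normalise(name):
    return " ".join(name.lower().translate(SWAPS).split())

def imitated_product(app_name, publisher, threshold=0.85):
    """Return the known product this name imitates, or None."""
    candidate = normalise(app_name)
    for product, owner in KNOWN_PRODUCTS.items():
        close = difflib.SequenceMatcher(None, candidate, product).ratio() >= threshold
        if (close or product in candidate) and publisher != owner:
            return product
    return None

def review_consent_request(req):
    """Return findings for one consent request; an empty list means nothing was flagged."""
    findings = []
    product = imitated_product(req["app_name"], req["publisher"])
    if product:
        findings.append(f"name imitates '{product}' but publisher is '{req['publisher']}'")
    risky = sorted(SENSITIVE & set(req["permissions"]))
    if risky:
        findings.append("requests cloud data access: " + ", ".join(risky))
    if req["source"] == "email_link":
        findings.append("install link came from an email, not an app store")
    return findings

# Constructed sample requests, not real apps.
SAMPLES = [
    {"app_name": "Cl0ud-Drive Pro", "publisher": "Unknown Dev", "source": "email_link",
     "permissions": ["cloud_storage.read", "profile.basic"]},
    {"app_name": "Cloud Drive", "publisher": "Example Corp", "source": "app_store",
     "permissions": ["cloud_storage.read"]},
    {"app_name": "Weather Now", "publisher": "Sky Apps", "source": "app_store",
     "permissions": ["location.coarse"]},
]

if __name__ == "__main__":
    for req in SAMPLES:
        print(req["app_name"], "->", review_consent_request(req) or "no findings")
```

A request from the genuine publisher is still reported when it asks for cloud data access, so the reviewer sees every grant that exposes stored data.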