Please fill in the form below to subscribe to our blog

3 Phishing Threats Right Under Every Employee’s Nose

February 04, 2022

These 3 Phishing Threats Lurk Where You Least Expect Them


Phishing is the number one data breach risk and a plague on businesses. Every day, employees are inundated with dangerous messages, and some are harder for employees to spot than others, opening their employers up to trouble if a tricky message slips through. 97% of employees are unable to detect a sophisticated phishing message. Cybercriminals are more than happy to press their advantage by crafting sophisticated messages that can easily slip under an employee’s radar like these 3 threats.  


Be the hero that defeats a company’s security threats to declare victory over cybercriminals! GET THE GUIDE>>


Consent Phishing  


An alternative to credential phishing (the more common type of phishing) is consent phishing. In a consent phishing scenario instead of attackers aiming to capture passwords with phishing login pages and other ruses, the bad guys utilize another tool: OAuth permissions. They use those requests to lure victims into a false sense of security because it isn’t an expected phishing tool. Bad actors send requests to their victims, and when the victims accept, the bad actor is granted access tokens that give the attacker account data from connected apps. In this scenario, sign-in is handled by an identity provider, like Microsoft or Google, rather than the end-user. That gives the bad guys an advantage: despite lacking a password, they can still take action to enable future cyberattacks on the victim by doing things like do setting a rule to forward emails from a target to an attacker-controlled email account. 

Microsoft sounded the alarm on Twitter this week to warn businesses that a consent phishing scam is making the rounds. In the thread, Microsoft cautions that Office 365 customers are receiving phishing emails that aim to trick them into giving OAuth permissions to a sham app. When they do, the attackers can read and write emails on the victim’s account. Microsoft Security Intelligence disclosed that the malicious app is named “Upgrade”. When installed, it asks users to grant it OAuth permissions that would allow attackers to create inbox rules, read and write emails and calendar items and the victim’s contacts. The company said that hundreds of O365 customers have been sent the initial phishing message. Earlier this year, Microsoft noted in its blog that consent phishing emails or “illicit consent grants” that abuse OAuth requests have steadily increased in the last few years.  


a cartoon image of hands with fingers pointed at an embarrased-looking white woman with a brown bob in professional clothing

Your company’s top security risk is already inside the building. Learn how to fix it with The Guide to Reducing Insider Risk. GET IT>>


Reconnaissance Attacks/Bait Phishing 


Reconnaissance attacks or bait phishing is another sophisticated threat that is currently making the rounds. A reconnaissance attack is heavily based on social engineering. In this scenario, the attackers attempt to bypass security by creating a highly believable message. Employees (and security solutions) are on the lookout for the common signs of a phishing message like bad grammar or misspellings. But bait phishing messages are carefully crafted to avoid those red flags. The aim of these phishing messages is to lure the recipient into a false sense of security that will entice them to click a link or download a file by establishing a dialogue.  

Bait phishing usually starts with a friendly, unobjectionable message that serves two purposes for the bad guys: testing and/or penetrating the intended recipient’s email security defenses and verifying that the email address is in active use. The initial message is usually devoid of malicious links or files. It also doesn’t solicit any action from the recipient beyond a response. The goal with the initial message is to start a conversation with a potential target to lull them into believing that the bad guys are on the level and determine which potential targets are likely to interact with future messages. 

If the target responds to the first message it’s game on for the bad guys. They can start phishing in earnest. Further messages to the target capitalize on the attacker’s initial toehold by going after the victim’s credentials, transmitting malicious links or passing along unsafe attachments. Lately, the messages in this version of phishing have been originating from Gmail – 91% of cybercriminals engaged in bait phishing utilize Gmail, leveraging the fact that Gmail is a very common source for messages and it’s highly unlikely that their fresh Gmail addresses will ping immediate alarms or be on anyone’s blacklist.  


Learn 5 red flags that could indicate a malicious insider is at work in your organization! DOWNLOAD INFOGRAPHIC>>


Hidden Danger Phishing Schemes 


Many employees have become more aware of phishing, and they’ve learned to use caution in the places where the bad guys commonly set their traps. Security awareness training works, and employees who have been trained know to be wary of clicking strange links or interacting with unexpected messages, even on social media. So the bad guys have had to get creative. In another hard-to-detect phishing scenario, bad actors take advantage of the collaborative nature of today’s workspaces to sneak malicious links into places that employees may not be expecting them, like the comments section of a Google Doc.  

To kick off their phishing operation, a bad actor creates a seemingly harmless Google Doc. That bad actor then adds their victim to the document by @ commenting them in the comments feature. When the cybercriminal takes that action, the victim is automatically sent an email with a link to the Google Docs file. The email that the target receives displays the entire contents of the comment, including the bad link and other enticing text added by the attacker. This scenario is so insidious because the victim never even has to interact with or open the document to be served the malicious link; it’s right there in the notification email, presented in a way that is likely to neatly bypass security. The same process can be used to kick off a phishing operation with most Google Workspace documents, giving bad actors plenty of choices and chances to lure in an unwary employee. 


faint images of US dollars in a pile shaded in rainbow prismatics

Find out exactly how security awareness training makes your company safer & saves money! WATCH NOW>>


This phishing variant is practically tailor-made for companies that use Google Workspace in the course of everyday business, and it’s likely to be especially effective against remote workers and at large companies. The malicious message doesn’t contain the creator’s full email address, just their username. A savvy bad actor might even choose a username that would seem personally appealing and harmless to the recipient, like a colleague or family member’s name if they were focusing tightly on a particular target. It also capitalizes on both social engineering and the commonality of employees receiving and handling routine notifications every day. Employees constantly receive alerts that they’ve been mentioned in a comment on a document, making these dangerous messages a very slick way to phish.  

This risk started gaining traction in late 2021 and kept picking up steam through the year’s end, prompting IT experts to put out warnings that this threat was becoming increasingly serious. By year’s end, that prediction came to fruition. Businesses have been faced with a wave of attacks that abused these commonly used productivity features included in Google Docs to send their employees potentially malicious content opening them up to danger. 


A strong security culture reduces your company’s chance of a data breach. This checklist helps you build it. GET IT>>


These and Other Phishing Risks Deliver Danger to User Inboxes Daily


With risks like these around every corner, it’s easy to see why every company needs to make a powerful defense against phishing a top priority to avoid joining the ranks of the 60% of businesses that fold in the wake of a cyberattack. The ID Agent digital risk protection platform answers that call. 

 BullPhish ID – This freshly revamped security awareness training solution is packed with features that make the training process efficient, effective and easy. 

  • Preloaded phishing kits help employees learn to spot and resist the phishing lures they face every day.  
  • Video lessons on subjects like ransomware, compliance, password safety, security hygiene and more give every employee a solid grounding in cybersecurity best practices. 
  • We add 4 new videos a month in 7 languages to make sure that your users are trained on the risks and compliance requirements that they’re facing right now! 
  • Automate training delivery, testing and reporting.  

Dark Web ID – Find all of a company’s compromised credentials in minutes! Plus, you’ll be alerted to new credential compromise risks immediately 24/7/365 with monitoring of business and personal credentials, including domains, IP addresses and email addresses.  


 Contact an ID Agent solutions expert now for a personalized demo of our award-winning solutions. 




let us help secure you against passwords reuse with contact information and the ID Agent logo on grey.

Our Partners typically realize ROI in 30 days or less. Contact us today to learn why 3,850 MSPs in 30+ countries choose to Partner with ID Agent!

LEARN MORE>>


Check out an on-demand video demo of BullPhish ID or Dark Web ID WATCH NOW>>

See Graphus in action in an on-demand video demo WATCH NOW>>


Book your demo of Dark Web ID, BullPhish ID, RocketCyber or Graphus now!

SCHEDULE IT NOW>>