[Blog Post] OAuth 2.0 Threat Landscapes
By Prabath Siriwardena
- 23 Jun, 2017
Not long ago — early one day in May, I got an email from a good friend of mine, which I didn't resist to open and check out what it was. He had shared a Google doc — and once I clicked on the link a suspicious screen appeared, asking me permission to read, delete, send and manage my emails. Why on the earth would ‘Google Docs’ ask permissions to access my emails? I really didn’t bother to see whether it’s the real Google Docs — or fake, but I didn’t proceed any further. It’s not true for all of us — on 3rd May, 2017, many people didn’t bother giving the fake ‘Google Docs’ app the permissions to access their emails. It was a phishing attack...
To read the rest of Prabath's blog on OAuth 2.0 thread landscapes click here.