Researchers from Amnesty International noted that Egyptian authorities are behind the recent spear-phishing attacks targeting Egyptian human rights defenders, media, and civil society organization staff.
What is OAuth phishing?
The authorities are using a new spear-phishing technique called ‘OAuth phishing’. In an OAuth phishing attack, the attackers go after the OAuth token for a user's account instead of the password. To do this, the authorities created their own Gmail third-party apps.
When a user grants a third-party app access to their account, the app receives an OAuth token rather than the password. The Egyptian authorities are using such third-party apps to compromise victims' accounts.
How does OAuth phishing work?
Amnesty International experts revealed that these spear-phishing attacks weren't limited to Gmail alone, but Yahoo, Outlook, and Hotmail users were also targeted.
“OAuth Phishing can be tricky to identify. Often, security education for individuals at risk does not include mentions of this particular technique. People are usually trained to respond to phishing by looking for suspicious domains in the browser's address bar and by enabling two-factor verification. While those are very useful and important safety practices to adopt, they would not help with OAuth phishing because victims are in fact authenticating directly through the legitimate site,” Amnesty International said.
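Because the victim authenticates on the legitimate site, the place to catch this is the list of third-party app grants rather than the address bar or the login step. As an added example (not from the Amnesty International report or this article), the Python script below triages exported grant records and flags unvetted apps that hold mailbox scopes; the grant records, field names, client IDs and allow-list are constructed for this example, while the Gmail scope identifiers are Google's real ones.

```python
import json

# Real Gmail OAuth scope identifiers that grant access to a user's mailbox.
MAILBOX_SCOPES = {
    "https://mail.google.com/",                        # full mailbox access
    "https://www.googleapis.com/auth/gmail.readonly",  # read all mail
    "https://www.googleapis.com/auth/gmail.modify",    # read, label, archive
}

# Hypothetical allow-list of client IDs the organisation has vetted.
APPROVED_CLIENT_IDS = {"111111-corp-calendar.apps.googleusercontent.com"}

# Constructed sample of third-party app grants; the record shape and the
# client IDs are assumptions made for this example, not a real export.
SAMPLE_GRANTS = json.dumps([
    {"user": "editor@example.org", "app": "Corp Calendar",
     "client_id": "111111-corp-calendar.apps.googleusercontent.com",
     "scopes": ["https://www.googleapis.com/auth/calendar"]},
    {"user": "editor@example.org", "app": "Secure Mail Update",
     "client_id": "999999-secure-mail.apps.googleusercontent.com",
     "scopes": ["https://mail.google.com/", "openid", "email"]},
    {"user": "reporter@example.org", "app": "PDF Viewer",
     "client_id": "888888-pdfviewer.apps.googleusercontent.com",
     "scopes": ["https://www.googleapis.com/auth/gmail.readonly"]},
])


def triage_grants(grants_json: str) -> list:
    """Return grants that deserve review: apps not on the allow-list that
    hold a mailbox scope. Each finding names the user, app, client ID and
    offending scopes so an admin can revoke the grant and notify the user."""
    findings = []
    for grant in json.loads(grants_json):
        if grant["client_id"] in APPROVED_CLIENT_IDS:
            continue  # vetted app, nothing to flag
        risky = sorted(set(grant["scopes"]) & MAILBOX_SCOPES)
        if risky:
            findings.append({"user": grant["user"], "app": grant["app"],
                             "client_id": grant["client_id"],
                             "scopes": risky,
                             "action": "revoke grant and notify user"})
    return findings


if __name__ == "__main__":
    for f in triage_grants(SAMPLE_GRANTS):
        print(f"{f['user']}: '{f['app']}' holds {', '.join(f['scopes'])}"
              f" -> {f['action']}")
```

Pointing the script at a real export only requires mapping that export's field names onto `user`, `app`, `client_id` and `scopes`.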