

ConsentFix and ClickFix: How Microsoft 365 Accounts are Hijacked in 3 Seconds

It can start with something as mundane as dragging a link into your browser. Three seconds later, a threat actor holds the tokens needed to take over your Microsoft 365 account, and you never did anything that traditional security awareness training would flag: you simply followed what looked like a normal set of instructions. That is the defining characteristic of modern cybercrime. It doesn't force its way in; it steps quietly into the middle of an everyday workflow and turns a routine action into the moment everything goes wrong. These attacks work because of habits we have all built up online: clicking through CAPTCHAs, accepting cookie prompts, pressing a key combination to move a process along. That trained reflex is exactly what attackers are counting on.

Full report: ConsentFix and ClickFix attacks steal Microsoft 365 tokens in seconds using fake prompts and OAuth flows.