Phish Fryday – OAuth2 Phishing Attacks

Share Now


With credential theft making up a large portion of phishing attacks, many organizations wisely turn to MultiFactor Authentication (MFA) to protect the credentials of their employees. Attackers, however, are upping their game to continue gaining access to corporate accounts. Cofense Threat Analyst Elmer Hernandez joins us this week to discuss a particular attack observed by Cofense that leverages OAuth2 and OpenID Connect instead of passwords.

Learn more

OAuth2 Attack Bypasses MFA

Google Docs Scam

Questions or comments? Reach us at [email protected]

Discover how phishing awareness training can help your organization defend against changing phishing threats.

Read More Related Phishing Blog Posts


We use our own and third-party cookies to enhance your experience by showing you relevant content, personalizing our communications with you, and remembering your preferences when you visit our website. We also use them to improve the overall performance of our site. You can learn more about the cookies and similar technology we use by viewing our privacy policy. By clicking ‘Accept,’ you acknowledge and consent to our use of all cookies on our website.

This site is registered on as a development site.