ConsentFix and ClickFix: How Microsoft 365 Accounts are Hijacked in 3 Seconds
A new attack technique called ConsentFix and ClickFix can hijack Microsoft 365 accounts in three seconds. The attack uses OAuth consent phishing to gain access to user accounts and data.
Developers must be aware of OAuth consent phishing risks to prevent rapid account takeovers.


