Third-Party App OAuth Risks

Check what you gave permission to access.

What You'll Learn

Training Steps

  1. A Productivity Recommendation

    Welcome to Meridian Financial Group! You are Alice, a portfolio analyst who manages multiple client relationships. You've been feeling overwhelmed with calendar management and email follow-ups. Your colleague Marcus mentioned a tool that helped him stay organized.

  2. Marcus's Recommendation

    You receive an email from Marcus about the productivity tool he mentioned.

  3. Connecting the App

    The tool sounds exactly like what you need. Marcus is a trusted colleague who wouldn't recommend something harmful. You click the link to check out SmartSync Pro.

  4. Authorizing the App

    The SmartSync Pro page looks professional and promises useful features. To connect the app, you need to authorize it through your Meridian Workspace account.

  5. The OAuth Consent Screen

    You're redirected to your company's Meridian Workspace portal, which displays a consent screen asking you to authorize SmartSync Pro. The app is requesting access to your account. You need to review the permissions and click 'Allow' to connect the app.
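    The consent screen is the moment the risk is decided, so the check worth doing is on the scopes the app asks for. The following script is an added example and not part of this training module: it parses a constructed OAuth 2.0 authorization request (the URL behind the "Allow" button) and lists every requested scope that a calendar-reminder tool has no reason to need. The scope names, the client id and the `workspace.meridian.example` host are all invented for the fictional Meridian Workspace portal; real identity providers use their own scope identifiers.

```python
from urllib.parse import urlparse, parse_qs

# Scopes whose grant deserves a second look before clicking "Allow".
# Names are constructed for the fictional Meridian Workspace portal.
HIGH_RISK_SCOPES = {
    "mail.readwrite": "read and send email as you",
    "mail.read": "read every message in your mailbox",
    "files.read": "read every file you can open",
    "contacts.read": "export your address book",
    "offline_access": "keep access via a refresh token after you log out",
}

# What a calendar-reminder tool plausibly needs (also constructed).
EXPECTED_FOR_CALENDAR_TOOL = {"openid", "profile", "calendar.read"}


def parse_consent_request(url):
    """Extract client_id, redirect_uri and the requested scopes from an
    OAuth 2.0 authorization request URL (scope is a space-separated list)."""
    qs = parse_qs(urlparse(url).query)
    return {
        "client_id": qs.get("client_id", [""])[0],
        "redirect_uri": qs.get("redirect_uri", [""])[0],
        "scopes": set(qs.get("scope", [""])[0].split()),
    }


def review_scopes(scopes, expected=EXPECTED_FOR_CALENDAR_TOOL):
    """Return the scopes that exceed the app's stated purpose, each with a
    plain-language description of what granting it would allow."""
    findings = {}
    for scope in sorted(scopes - expected):
        findings[scope] = HIGH_RISK_SCOPES.get(
            scope, "not needed for the stated purpose")
    return findings


# Constructed authorization URL standing in for the real consent request.
SAMPLE_URL = (
    "https://workspace.meridian.example/oauth2/authorize"
    "?response_type=code&client_id=smartsync-pro"
    "&redirect_uri=https%3A%2F%2Fsmartsync-pro.example%2Fcallback"
    "&scope=openid+profile+calendar.read+mail.readwrite+files.read+offline_access"
    "&state=abc123"
)

if __name__ == "__main__":
    request = parse_consent_request(SAMPLE_URL)
    print(f"app {request['client_id']} redirects to {request['redirect_uri']}")
    for scope, why in review_scopes(request["scopes"]).items():
        print(f"  excess scope {scope}: {why}")
```

    Run as-is, it reports `mail.readwrite`, `files.read` and `offline_access` as excess for a tool that only promises calendar management; the last one matters because a refresh token keeps working after the user's session ends, which is how an app can keep pulling data for weeks unnoticed.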

  6. App Connected Successfully

    SmartSync Pro is now connected to your Meridian account. The confirmation screen shows that the app can now access your data. You close the window and continue with your day, satisfied that you'll now have better calendar management.

  7. Three Weeks Later

    Three weeks pass. You've been using SmartSync Pro for calendar reminders - though it doesn't seem as sophisticated as Marcus described. One morning, you receive an urgent email from IT Security.

  8. A Sinking Feeling

    Your heart sinks as you read the alert. The productivity tool you installed has been secretly harvesting your data. In financial services, this kind of data exposure could have serious regulatory consequences. You need to contact IT Security right away.

  9. What Went Wrong

    David from IT Security explains that SmartSync Pro wasn't a legitimate productivity tool - it was a data harvesting application designed to steal corporate information. But wait - Marcus recommended it. You realize you should check whether Marcus actually sent that email, and you open the original message to examine it more closely.

  10. Examining the Sender

    Looking at Marcus's original email again, you decide to verify whether Marcus actually sent it.
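    Verifying a sender means looking past the display name at the headers the receiving mail server added. The script below is an added example and not part of this training module: it runs the checks a reviewer would apply to two constructed header sets, one in which the "Marcus" message fails SPF, DKIM and DMARC and routes replies and bounces to outside domains, and one that passes cleanly. All domains (`meridian.example`, `meridian-fg.example`, `smartsync-pro.example`) and the mail server name are invented; the header fields themselves are standard.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed headers for the suspicious "recommendation" email.
SUSPICIOUS_HEADERS = """\
From: Marcus Chen <marcus.chen@meridian.example>
Reply-To: marcus.chen@meridian-fg.example
Return-Path: <bounce@smartsync-pro.example>
Authentication-Results: mx.meridian.example; spf=fail smtp.mailfrom=smartsync-pro.example; dkim=none; dmarc=fail header.from=meridian.example
Subject: That productivity tool I mentioned
To: alice@meridian.example

"""

# Constructed headers for a genuine internal message, for comparison.
CLEAN_HEADERS = """\
From: Marcus Chen <marcus.chen@meridian.example>
Return-Path: <marcus.chen@meridian.example>
Authentication-Results: mx.meridian.example; spf=pass smtp.mailfrom=meridian.example; dkim=pass header.d=meridian.example; dmarc=pass header.from=meridian.example
Subject: Lunch?
To: alice@meridian.example

"""


def _domain(addr_header):
    """Lower-cased domain part of an address header ('' if absent)."""
    return parseaddr(addr_header or "")[1].rpartition("@")[2].lower()


def parse_auth_results(value):
    """Map method -> result ('pass', 'fail', 'none', ...) from an
    Authentication-Results header; the first ';'-segment is the server id."""
    results = {}
    for part in (value or "").split(";")[1:]:
        method, _, rest = part.strip().partition("=")
        if method:
            results[method] = rest.split()[0] if rest else ""
    return results


def check_sender(raw_headers):
    """Return a list of reasons to doubt that the From address sent this
    message; an empty list means every check passed."""
    msg = message_from_string(raw_headers)
    from_domain = _domain(msg["From"])
    findings = []

    reply_domain = _domain(msg["Reply-To"])
    if reply_domain and reply_domain != from_domain:
        findings.append(f"Reply-To goes to {reply_domain}, not {from_domain}")

    bounce_domain = _domain(msg["Return-Path"])
    if bounce_domain and bounce_domain != from_domain:
        findings.append(f"Return-Path is {bounce_domain}, not {from_domain}")

    auth = parse_auth_results(msg["Authentication-Results"])
    for method in ("spf", "dkim", "dmarc"):
        if auth.get(method) != "pass":
            findings.append(f"{method} result is {auth.get(method, 'missing')}, not pass")
    return findings


if __name__ == "__main__":
    for label, raw in (("suspicious", SUSPICIOUS_HEADERS), ("clean", CLEAN_HEADERS)):
        print(f"{label}: {check_sender(raw) or ['no findings']}")
```

    The look-alike `meridian-fg.example` in Reply-To is the detail a display name hides: any reply to "Marcus" would leave the company. A single failed check is enough to stop and confirm with the colleague over a channel the email did not provide.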