The New Phishing Click Dilemma: How OAuth Consent Bypasses Multi-Factor Authentication
So-called “consent phishing” circumvents modern security controls by exploiting the intuitive acceptance of OAuth consent screens, and unlike classic password phishing, these attacks leave no suspicious login events and are invisible to MFA and SIEMs because authentication occurs legitimately.











