Whenever a user signs up for an app using their organizational email address, they are asked to accept a list of permissions that the app requires to run. These permissions range from the ability to view the users contact list, to full read and write permissions over just about any aspect of their cloud account. The risk comes from these permissions and what damage they can do if the app doesn't come from a trusted developer.
To elaborate. A third party app can request permissions to send emails on a users behalf. If that third party app became compromised, a bad actor could start sending phishing emails on behalf of your user.
Comments
0 comments
Please sign in to leave a comment.