A new phishing technique is exploiting OAuth consent prompts to bypass multi-factor authentication, allowing attackers to gain access to user accounts even when MFA is enabled. Unlike traditional phishing that steals passwords, these attacks trick users into granting malicious applications permission to access their accounts through legitimate-looking authorization requests. Security experts warn that this method is particularly dangerous because it circumvents one of the most widely recommended security protections.