Verification phishing
Summary
Email verification is sometimes used as a control, such as when registering new accounts. This is typically implemented by emailing the target user with either a clickable link for them to verify or a verification code that they need to enter.
Verification phishing is when an adversary uses phishing, or some other type of social engineering, to convince a user to click a verification link or pass them the verification code in order to defeat this control. This is most relevant when combined with cross-IdP impersonation in order to circumvent strong SSO authentication to gain direct control of downstream SaaS applications.