Phishing Attack Hijacks Office 365 Accounts Using OAuth Apps

By GIXnews

A phishing campaign has been discovered that doesn’t target a recipient’s username and password, but rather uses the novel approach of gaining access to a recipient’s Office 365 account and its data through the Microsoft OAuth API. […]

Source:: BleepingComputer