LASER_oneXM

A phishing campaign has been discovered that doesn't target a recipient's username and password, but rather uses the novel approach of gaining access to a recipient's Office 365 account and its data through the Microsoft OAuth API.

Almost all Microsoft Office 365 phishing attacks that we see are designed to steal a user's login name and password by impersonating a Microsoft login landing page.

In a phishing campaign discovered by threat intelligence and mitigation firm PhishLabs, attackers are no longer targeting a user's login credentials, but are now using Microsoft Office 365 OAuth apps to hijack a recipient's account.
... ...