Rather than steal your user’s credentials, this latest attack takes the OAuth route to gain access to the victim’s mailbox. This gives cybercriminals continual access, regardless of whether the user is logged on or not.
originally published onhttps://blog.knowbe4.com/microsoft-warns-of-latest-consent-phishing-attack-intent-on-reading-your-email
