Office 365 OAuth Attack Targets Coinbase Users

Attackers are targeting Microsoft Office 365 users with a Coinbase-themed attack, aiming to take control of their inboxes via OAuth. Office 365 users are receiving emails that purport to come from cryptocurrency platform Coinbase and ask them to download updated Terms of Service via an OAuth consent app.

Office 365 Phishing Attack Leverages Real-Time Active Directory Validation

Attackers use authentication APIs to check the victims' Office 365 credentials in real time as they are typed into the phishing landing page.