From zdnet.com
Microsoft is warning that Office 365 customers are receiving phishing emails that aim to trick them into giving OAuth permissions to a bogus app that then lets attackers read and write emails.
Microsoft’s Security Intelligence team warned this week that attackers are sending the OAuth phishing emails to “hundreds” of Office 365 customers.
The potentially malicious app, dubbed ‘Upgrade’, asks users to grant it OAuth permissions that would allow attackers to create inbox rules, read and write emails and calendar items, and read contacts, according to Microsoft Security Intelligence.