From bleepingcomputer.com
![Phishing](https://www.bleepstatic.com/content/hl-images/2019/10/17/Phishing.jpg)
A phishing campaign has been discovered that doesn’t target a recipient’s username and password, but rather uses the novel approach of gaining access to a recipient’s Office 365 account and its data through the Microsoft OAuth API.