A recent phishing campaign bypassed multifactor authentication protections within Microsoft Office 365 to steal users’ credentials. The attack leveraged the OAuth2 framework and the OpenID Connect protocol, along with a malicious SharePoint link designed to trick a victim into granting permissions to a rogue application that the attackers control. From there, the rogue app could begin harvesting data from the victim's Office 365 files or contact list, Cofense says. The phishing attack started with an email containing a malicious link that's designed to look like a SharePoint file.
Source: https://www.cuinfosecurity.com/phishing-attack-bypassed-office-365-multifactor-protections-a-14310

