Money-grubbing crooks abuse OAuth – and baffling absence of MFA – to do financial crimes

Business email compromise, illicit cryptomining, phishing ... if it makes a dollar, this lot do it

Multiple miscreants are misusing OAuth to automate financially motivated cyber crimes – such as business email compromise (BEC), phishing, large-scale spamming campaigns – and deploying virtual machines to illicitly mine for cryptocurrencies, according to Microsoft.…

abuse bec business business email compromise campaigns compromise crimes cryptomining cyber cyber crimes email email compromise financial large lot machines mfa money oauth phishing scale spamming virtual virtual machines