Money-grubbing crooks abuse OAuth – and baffling absence of MFA – to do financial crimes

Business email compromise, illicit cryptomining, phishing ... if it makes a dollar, this lot do it

Multiple miscreants are misusing OAuth to automate financially motivated cyber crimes - such as business email compromise (BEC), phishing, large-scale spamming campaigns - and deploying virtual machines to illicitly mine for cryptocurrencies, according to Microsoft....