Pawn Storm Abuses OAuth In Social Engineering Attacks

This blog post discusses how Pawn Storm abused Open Authentication (OAuth) in advanced social engineering schemes. High profile users of free webmail were targeted by campaigns between 2015 and 2016.

Hackers Abusing OAuth Token to Take Over Millions of Accounts

Detection and Mitigation of Illicit Consent Grant Attacks in Azure AD - Thomas Naunheim

Microsoft Warns of Hackers Exploiting OAuth for Cryptocurrency Mining and Phishing

Russian cyber attack campaigns and actors

Oauth Token Stealing - Red Team Blog

Shining a Light on OAuth Abuse with PwnAuth

How to Protect Against Social Engineering Attacks?

What is social engineering? Definition + protection tips - Norton

What is Social Engineering?

Must Read - Security Affairs