Trying to steal your username and password is so “yesterday.” The 2020 Hacker is now leveraging Office 365 OAuth APIs to gain control over user mailboxes with phishing tactics.
Refer Here for Original Post and Source https://blog.knowbe4.com/new-office-365-phishing-attack-targets-oauth-apps-instead-of-credentials