New smishing and phishing campaigns are tricking people into giving up personal information by telling them they’ve had contact with someone who has tested positive for COVID-19.
Campaign takes new approach of soliciting OAuth2 access, negating the need to harvest login credentials and effectively bypassing any multi-factor authorisation.