Threat actors misuse OAuth applications to automate financially driven attacks