In case you suspect which the app is suspicious, take into account disabling the application and rotating credentials of all affected accounts. TP: If you're able to validate the OAuth app is sent from an unfamiliar resource, and application habits is suspicious. Recommended Motion: Revoke consents granted to the app and disable the app.