Microsoft’s Security Intelligence team has issued an alert to Office 365 users and admins to be on the lookout for a “crafty” phishing email with spoofed sender addresses.
Microsoft put out an alert after observing an active campaign targeting Office 365 organizations with convincing emails and several techniques to bypass phishing detection, including an Office 365 phishing page, Google cloud web app hosting, and a compromised SharePoint site that urges victims to type in their credentials.