Microsoft is warning of a widespread credential phishing campaign that leverages open redirector links in email communications as a vector to trick users into visiting malicious websites while effectively bypassing security software.
Attackers combine these links with social engineering baits that impersonate well-known productivity tools and services to lure users into clicking, Microsoft 365 Defender Threat Intelligence Team said in a report published this week.