Microsoft is warning about an ongoing, ‘sneakier than usual’ phishing campaign aimed at Office 365 users. The phishers are using various themes as lures, and the emails are sent from email addresses from various top-level domains. The emails are made to look like they point to a shared document stored on Microsoft SharePoint, a web-based collaborative platform that integrates with Microsoft Office. The fake documents are purportedly staff reports, ‘pricebook changes’ contain information about bonuses, and so on.
Source: https://www.helpnetsecurity.com/2021/08/04/phishing-office-365-users/