A new phishing scam is on the rise, targeting executives in the insurance and financial services industries to harvest their Microsoft credentials and launch business email compromise (BEC) attacks. The attacks started last December and continued through February, according to a new report from Area 1 Security. The goal of the phishing email is to dupe victims into clicking on the Apply Update button, disguised as a security update, which takes them to a spoofed Office 365 login page. The attackers spoof email addresses of known senders to evade detection.
Source: https://threatpost.com/office-365-phishing-attack-financial-execs/164925/