Attackers use trusted entities to trick victims into giving up their corporate log-in details as well as to bypass security protections. The majority of the attacks targeted European companies, with others seen in Asia and the Middle East. Researchers found more of a masterpiece strategy that leverages well-known and reputable brands to evade security products on the way to the victims, they said. The level of sophistication required those behind the campaign to gain access to Samsung and University of Oxford servers unnoticed.
Source: https://threatpost.com/phishing-campaign-targeting-office-365-exploits-brand-names/156698/