A newly spotted phishing campaign uses Microsoft voicemail notifications as baits to trick targets into opening HTML attachments that redirect to the attackers’ landing pages using a meta element. The attack builds upon the wave of HTML attachment attacks that we ve recently observed targeting our customers, whether they be SMBs or enterprises, says Avanan. Microsoft’s Office 365 Advanced Threat Protection protected the company’s E3 and E5 customers from this campaign. The attackers have designed a spoofed “Voicemail management system”” page which pops up a login form to collect the victims’ credentials.”
Source: https://www.bleepingcomputer.com/news/security/microsoft-voicemail-notifications-used-as-bait-in-phishing-campaign/