Cofense published a brief blog post discussing a phishing email successfully bypassing security email gateways. The content of the email claims someone has shared a document via SharePoint and provides a link to view it. Visiting the link leads to a login form on top of a blurred background requesting the user log in to view the document. If a user provides their credentials, the data is exfiltrated to the attacker while the user is redirected to a decoy document. For more information, see the Cfense blog post in the Reference section.”]
Source: https://exchange.xforce.ibmcloud.com/threats/guid:2ba40d9807d0d73b9dc805bdce16ce79