A phishing campaign is making the rounds that uses fake voicemail messages to lure victims into revealing their Office 365 email credentials. The targets are high-profile companies, mainly in the tourism, entertainment and real-estate industries. The attack starts with an email saying the recipient has missed a phone call, along with a request to login to their account to access their voicemail. The message will have an attached HTML file that redirects the user to a phishing website. A total of three different phishing kits are being used to carry out the scam.
Source: https://threatpost.com/enterprise-big-fish-fake-voicemail-office-365-attack/149730/

