Cybercriminals are using Microsoft-themed email lures to swipe user credentials. As more organizations migrate to Office 365, cybercriminals use Outlook, Teams and other Microsoft-related lures. 45 percent of phishing emails, said researchers, aimed to steal usernames and passwords. The remainder of malicious emails were utilized in business email compromise (BEC) attacks or for BEC attacks. Researchers recommend organizations enable multi-factor authentication along with Office 365 migration/ implementation, said Cofense.
Source: https://threatpost.com/microsoft-lures-credential-swiping-phishing-emails/164207/