A phishing campaign bent on stealing Microsoft login credentials is using Google Firebase to bypass email security measures in Microsoft Office 365, researchers said. The emails purport to share information about an electronic funds transfer (EFT) payment. Researchers at Armorblox uncovered invoice-themed emails sent to at least 20,000 mailboxes. The attackers could use the information to take over accounts and steal information, but they could wreak other havoc as well as wreak havoc as also. The campaign is perhaps most notable for the bevy of tactics employed to avoid email security defenses.
Source: https://threatpost.com/microsoft-office-365-attacks-google-firebase/163666/