Cybercriminals set up three different CAPTCHAs that Office 365 targets must click through before the final phishing page. The attack shows that cybercriminals continue to switch up their tactics when it comes to phishing and email based attacks. The industries targeted by this campaign were primarily technology, insurance, and finance and banking industries. Attackers also do not use the same CAPTCHA checks they use at least four different images. The final page, which poses as a Microsoft Office 365 log-in page, is an attempt to steal user s Office 365 credentials.
Source: https://threatpost.com/microsoft-office-365-captchas/159747/