Researchers are warning of a coordinated phishing attack that targeted numerous enterprise organizations last week. The attackers leveraged hundreds of compromised, legitimate email accounts in order to target organizations with emails, which pretended to be document delivery notifications. In reality, the attack stole victims Office 365 credentials. The attack starts with a lure convincing email recipients that they received a document. Hundreds of these phishing landing pages have been detected and are hosted on digital publishing sites like Joom, Weebly and Quip.
Source: https://threatpost.com/microsoft-office-365-credentials-attack-fax/162232/