A phishing campaign aimed at Office 365 users took advantage of a legitimate redirect mechanism. The campaign used a series of compromised websites with a separate subdirectory leading to unique URLs. A click on the link sent victims to a link then redirected to the malicious look-at-the-victims’ website. The attack has now been resolved and the campaign has been called off by Check Point. It has been reported that the campaign is now over and that it has been resolved. Read more from Check Point here.”]
Source: https://www.darkreading.com/attacks-breaches/o365-phishing-campaign-leveraged-legit-domains