An Office 365 phishing campaign abused Google Ads to bypass secure email gateways (SEGs), redirecting employees of targeted organizations to phishing landing pages and stealing their Microsoft credentials. SEGs are designed to block spam and phishing attempts from reaching their users’ mailboxes using filtering stacks that will scan all incoming emails for malicious content. The attackers took advantage of the fact that the domains used by Google’s Ads platform are overlooked by SEGs, which allows them to deliver their phishing messages to their targets’ inboxes bypassing email filters.
Source: https://www.bleepingcomputer.com/news/security/office-365-phishing-abuses-google-ads-to-bypass-email-filters/