Microsoft is tracking an ongoing Office 365 phishing campaign that makes use of several methods to evade automated analysis in attacks against enterprise targets. One of the evasion tactics is the use of redirector URLs with the capability to detect incoming connections from sandbox environments commonly used by security researchers to gain more info about the attack. The phishing emails used in this campaign are also heavily obfuscated to make sure that secure email gateways will not be able to detect the malicious messages and automatically block them before they land in the targets’ inboxes.
Source: https://www.bleepingcomputer.com/news/security/office-365-phishing-campaign-detects-sandboxes-to-evade-detection/