A new phishing campaign targeting Office 365 users cleverly tries to bypass email security protections by combining chunks of HTML code delivered via publicly hosted JavaScript code. The subject of the phishing email says ‘price revision’ and it contains no body ‘ just an attachment (hercus-Investment 547183-xlsx.Html) The phishing page also validates email address format and password length. Once the victim submits the login credentials, they are effectively compromised, and the victim is shown a web page saying that they account or password info is incorrect and urges them to log in again.
Source: https://www.helpnetsecurity.com/2021/04/08/office-365-phishing-javascript/