Fraudsters are trying new things to bypass security controls in Office 365 and added a CAPTCHA page in the chain of redirects that ends on a phishing template for login credentials. The attack was not part of a massive campaign, says Chetan Anand, co-founder of Armorblox. Anand says that including a CAPtCHA makes it more difficult for security solutions that analyze URL redirection to reach the final destination and detect the attempt as malicious. A closer look at the domain reveals that this is a lookalike page built specifically for the target.
Source: https://www.bleepingcomputer.com/news/security/office-365-phishing-uses-supreme-court-theme-and-working-captcha/