A phishing campaign is targeting C-suite executives, executive assistants and financial departments across numerous industries. The campaign began in early December 2020 and, according to the researchers, is still ongoing. Most of the phishing emails are sent from addresses with Microsoft-themed sender domains that have properly configured SPF records. In some cases, the attackers were stealthier still, prefetching the localized Office 365 sign-in. The phishing kit would essentially break and the victim would simply be redirected to the legitimate login page.
Source: https://www.helpnetsecurity.com/2021/03/18/office-365-phishing-executives/

