A phishing campaign that takes advantage of Google s ability to decode non-ASCII URL data on the fly is making the rounds. Using percentage-based encoding, cybercrooks are making use of this in order to trick secure email gateways into delivering their phishing emails, by hiding the true destination of the messages embedded malicious links. The phishing page itself is a well-done imitation of the Office 365 login portal and aims to steal corporate users credentials.
Source: https://threatpost.com/phish-googles-url-decoding-defenses/148694/