A phishing campaign uses the company’s home page to disguise the attack and trick potential victims into providing login credentials. This is a new tactic, researchers say, that loads the legitimate page of the business and applies a fake login box on top of it. This way, employees suspicious of an attack can click on links and see that they are legitimate. The overlay method has been used in the past and is typically seen with banking trojans for Android to steal credentials for online banking and payment card details.
Source: https://www.bleepingcomputer.com/news/security/phishing-adds-overlay-on-official-company-page-to-steal-logins/