Security researchers discovered a new phishing campaign leveraging Punycode and a bug in Office 365 defense systems to deceive victims. The attack includes a phishing scheme to steal Office 365 credentials, and leverages a vulnerability in how Office 365 anti-phishing and URL-reputation security layers deal with Puny code. Office 365s default security systems check domain reputation by analyzing it as plain ASCII. The malicious one is followed by the browser redirecting the victims to a bogus domain.”]
Source: https://securityaffairs.co/wordpress/54403/cyber-crime/phishing-campaign-punycode.html