A silly phishing campaign is underway where the attackers state that your password will expire and be changed unless you login and confirm that you want to keep it the same. Once you click on the “Keep same password”” link you will be brought to a page asking you to login to your mail server. The attackers will now have your login credentials and be able to access your email account. They can then perform BEC scams or take over other accounts that you use under the same email address.”
Source: https://www.bleepingcomputer.com/news/security/silly-phishing-scam-warns-that-your-password-will-be-changed/