An evolving phishing campaign observed at least since May 2020 has been found to target high-ranking company executives across manufacturing, real estate, finance, government, and technological sectors. The campaign hinges on a social engineering trick that involves sending emails to potential victims containing fake Office 365 password expiration notifications as lures. The messages also include an embedded link to retain the same password that, when clicked, redirects users to a phishing page for credential harvesting. The Office 365 phishing kit, currently in its fourth iteration (V4), is said to have been originally released in July 2019.
Source: https://thehackernews.com/2021/01/targeted-phishing-attacks-target-high.html