The threat actor created an email that looks eerily similar to a legitimate pending notification coming from Skype. The real sender can be found in the return-path displayed as sent from, which also happens to be an external compromised account. The attack is being hosted via Googles a.app TLD, backed by Google to help app developers securely share their apps. The inclusion of HTTPS means the addition of a lock to the address bar, which most users have been trained to trust.”]
Source: https://cofense.com/phish-uses-skype-target-surging-remote-workers/