An effective spoofing campaign promises users important information about new coronavirus cases in their local area, scooting past Proofpoint and Microsoft Office 356 ATPs. The emails evade basic security checks and user common sense in a number of ways, to circumvent detection and steal the user s Microsoft log-in credentials. They also don t include specific names or greetings in the body of the messages, suggesting they are being sent out to a broad target audience, researchers say.
Source: https://threatpost.com/top-email-protections-fail-covid-19-phishing/154329/