An invoice-themed phishing campaign targeted 20,000 accounts, Armorblox researchers say. The emails were branded with a Microsoft Outlook logo and purported to offer information about an electronic fund payment. The campaign bypassed both Exchange Online Protection and Microsoft Defender for Office 365, the report says. If a victim clicked on the malicious link, it sent the users through a redirect and landed on a page with the domain “mystuff[.]bublup[.]com” The redirect had the parent domain “nam02[.]safelinks[.]protection[.]outlook[.]Outlook[.)com””]
Source: https://www.cuinfosecurity.com/unusual-phishing-campaign-extracted-office-365-credentials-a-15929