Armorblox: Unusual invoice-themed phishing campaign used to extract Office 365 login credentials. The campaign, which recently ended, struck about 20,000 accounts, researchers estimate. The emails were branded with a Microsoft Outlook logo, had the subject line “Transfer of Payment Notice for Invoice” The emails either skipped past spam filters or the security tool determined that they weren’t spam, it says. Researchers: Fraudsters used combination of techniques that makes the attack uniquely sophisticated and enabled it to bypass Microsoft email security and pass victims’ eye tests.”]
Source: https://www.govinfosecurity.com/unusual-phishing-campaign-extracted-office-365-credentials-a-15929