PhishLabs has detected attempts to compromise Microsoft Office 365 administrator accounts as part of a broad phishing campaign.
In the campaign, the threat actor(s) delivered a phishing lure that impersonated Microsoft and its Office 365 brand but came from multiple validated domains not belonging to Microsoft (an educational institution, for example). If the victim clicked the link, they were presented with a spoofed login for Office 365.
Administrators often have privileges on other systems within an organisation, potentially allowing further compromises.
— Eleanor Dallaway (@InfosecEditor) November 18, 2019