A spear-phishing campaign detected earlier this month that uses messages that appear to originate with legitimate companies is targeting enterprise users in an effort to steal Microsoft Office 365 credentials, according to a report from Abnormal Security.
In the campaign that the Abnormal Security researchers uncovered, the fraudsters appear to have compromised hundreds of legitimate accounts to help craft realistic-looking emails. In one case, the malicious messages impersonated eFax, an online fax service, and the messages included personalized “Doc Delivery” notifications to entice victims to click.
