A new landing page for a Microsoft account phishing scam has been discovered that utilizes the SmtpJS service to send stolen credentials via email to the attacker. […]

from https://www.bleepingcomputer.com/news/security/microsoft-phishing-page-sends-stolen-logins-using-javascript/