Compromising an employee’s email account can be profitable for BEC scammers and for distributing malware, but being able to gain access to an email domain’s administrator account is a jackpot. For this reason, it is important to be aware of phishing scams that are not targeting an organization’s users, but rather their administrators […]

from https://www.bleepingcomputer.com/news/security/phishers-target-office-365-admins-with-fake-admin-alerts/