An unusual new phishing campaign is probing email inboxes via attacks using the targets’ company-branded Microsoft 365 tenant login pages to add more legitimacy to the scam. […]

from https://www.bleepingcomputer.com/news/security/phishing-attacks-scrape-branded-microsoft-365-login-pages/