"An active phishing campaign is using a crafty combination of legitimate-looking original sender email addresses, spoofed display sender addresses that contain the target usernames and domains, and display names that mimic legitimate services to try and slip through email filters," the Microsoft Security Intelligence team

Sneakier than usual

The use of SharePoint in the display name as well as in the message is one of the techniques the scam relies on to appear legitimate, according to the researchers. The emails appear to share files that are strategically named "Staff Reports", "Bonuses", "Pricebooks", and the like to pass as legitimate business emails.
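The traits described above can be checked per message on the receiving side. The following Python is an added example, not code from Microsoft or the original article; it assumes Return-Path carries the original sender and From the displayed sender, and the signal names and both sample messages are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

SERVICE_NAMES = ("sharepoint",)                          # brand named in the article
LURE_WORDS = ("staff reports", "bonuses", "pricebooks")  # file names quoted in the article

def phishing_signals(raw: str) -> list[str]:
    """Return the campaign traits from the article that this message exhibits."""
    msg = message_from_string(raw)
    display, from_addr = parseaddr(msg.get("From", ""))
    _, envelope = parseaddr(msg.get("Return-Path", ""))
    _, rcpt = parseaddr(msg.get("To", ""))
    from_addr, envelope, rcpt = from_addr.lower(), envelope.lower(), rcpt.lower()
    user, _, rcpt_domain = rcpt.partition("@")
    signals = []
    # Display name imitates a well-known service.
    if any(name in display.lower() for name in SERVICE_NAMES):
        signals.append("display_name_mimics_service")
    # Original (envelope) sender domain differs from the displayed sender domain.
    if envelope and from_addr and envelope.rpartition("@")[2] != from_addr.rpartition("@")[2]:
        signals.append("envelope_from_mismatch")
    # Displayed sender address embeds the target's username and domain.
    if user and rcpt_domain and from_addr != rcpt \
            and user in from_addr and rcpt_domain in from_addr:
        signals.append("from_embeds_recipient")
    # Subject or attachment file name uses one of the business-themed lures.
    names = [msg.get("Subject", "")] + [p.get_filename() or "" for p in msg.walk()]
    if any(word in n.lower() for n in names for word in LURE_WORDS):
        signals.append("lure_file_name")
    return signals

# Constructed sample messages (not taken from the campaign).
SUSPICIOUS = """\
Return-Path: <info@mailer-legit.example>
From: "SharePoint" <alice.contoso.example@files-share.example>
To: alice@contoso.example
Subject: Bonuses shared with you

Open the shared file.
"""
BENIGN = """\
Return-Path: <bob@contoso.example>
From: "Bob Smith" <bob@contoso.example>
To: alice@contoso.example
Subject: Lunch on Friday

See you at noon.
"""

if __name__ == "__main__":
    print(phishing_signals(SUSPICIOUS))
    print(phishing_signals(BENIGN))
```

Any single signal is weak on its own; the combination is what matches the campaign as described.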