Malicious domain designed to look like an Office 365 logon page (Source: Abnormal Security) A spear-phishing campaign detected earlier this month that uses messages that appear to originate with legitimate companies is targeting enterprise users in an effort to steal Microsoft Office 365 credentials, according to a report from Abnormal Security. The fraudsters appear to have compromised hundreds of legitimate accounts to help craft realistic-looking emails, the researchers say. In one case, the malicious messages impersonated eFax, an online fax service, and the messages included personalized Doc Delivery notifications to entice victims to click. The phishing emails typically contain an embedded link that leads the user to what the researchers call “never-seen-before Microsoft Office 365 spear-phishing pages hosted on legitimate digital publishing sites such as Joom, Weebly and Quip.” So far, hundreds of these domains have been detected, according to the report.