From helpnetsecurity.com
Phishers targeting Office 365 admins have a new trick up their sleeve: they are checking the credentials entered into the spoofed login page in real time and, if they are valid, the victims are redirected to their real Office 365 inbox.
“If the login fails, the end-user is presented with a fake Office 365 login error, asking them to provide their credentials again, as they would in a genuine Office login. This method is something we have not seen before,” Avanan researchers told Help Net Security.