A recent PDF decoy linked to an Office 365 phishing page was impersonating a law firm in Denver, CO, according to a Netskope Threat Protection press release on Wednesday. The phishing page was hosted in Azure blob storage, and the PDF decoy was hosted in Google Drive.
Since the phishing bait was hosted in Azure blob storage, it had a Microsoft-issued SSL certificate and domain, making the attack vector especially convincing and difficult to detect, said the release. And since the PDF decoys appear to be credible, users felt comfortable entering their Office 365 credentials to download the document, added the release.
Read more here