redirects

Researchers describe a phishing campaign that uses legitimate office.com redirects and a misconfigured Microsoft tenant with ADFS to harvest Microsoft 365 credentials, bypassing some security controls. The attack chain begins with a misleading Google ad for “Office 265,” redirects through Office to a phantom domain, and uses conditional access restrictions to conceal the page from…