A phishing campaign aimed at Office 365 users took advantage of a legitimate Adobe marketing redirect mechanism, website script injection, and legitimate domains owned by Samsung, Adobe, and Oxford University to convince victims to hand over the credentials to their Office 365 accounts. According to researchers at Check Point, the attackers used Oxford University’s email servers to launch reputable-looking phishing messages containing content about an unheard voicemail message.

Read full article on Dark Reading: Cloud