A persuasive and ongoing series of phishing attacks are using fake Office 365 notifications asking the recipients to review blocked spam messages, with the end goal of stealing their Microsoft credentials. What makes these phishing emails especially convincing is the use of quarantine[at]messaging.microsoft.com to send them to potential targets and the display name matching the recipients’ domains.
Read full article on Bleeping Computer