This month, the number of phishing campaigns using Microsoft Forms has greatly increased. These operations aim to trick users into sharing their Microsoft 365 login credentials. Microsoft Forms is used to gather feedback and information through various surveys, quizzes, or polls. Malicious actors are using the email accounts of breached businesses and vendors to send out phishing emails containing a link to a Microsoft form. The form has another link to verify one’s account where the user’s credentials are then stolen. These phishing scams are difficult to detect as they come from legitimate email addresses. 

Read more: https://www.helpnetsecurity.com/2024/07/29/microsoft-365-phishing-forms/