Just an FYI about a new type of phish we’ve seen over the past couple of months. I implemented a block specifically for this phish. The emails are sourced from Microsoft systems and they link to subdomains in the legitimate onmicrosoft.com domain. Note that even Microsoft appears to be aware of these emails based on the message at the top of the email. The links don’t appear to be malicious per se. The emails are TOADs, providing a phone number to call for a refund scam. That said, I don’t want these emails containing links to potentially dangerous sites in our users’ mailboxes.
Microsoft “Invitations” are sent from “invites@microsoft.com”, which is a legitimate Microsoft service so we can’t just block all of these emails.
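The following filter sketch is an added example, not the block described in the post. It keeps the sender allowed and quarantines only invitations that pair an onmicrosoft.com subdomain link with a callback phone number. The phone pattern, the verdict names and all sample messages are constructed assumptions, and it assumes that legitimate invitations carry no phone number.

```python
import re
from email import message_from_string
from email.utils import parseaddr

INVITE_SENDER = "invites@microsoft.com"  # sender named in the post
# Assumed pattern: North American numbers such as +1 (555) 010-0199
PHONE_RE = re.compile(
    r"(?<!\d)(?:\+?1[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}(?!\d)")
URL_HOST_RE = re.compile(r"https?://([A-Za-z0-9.-]+)", re.I)

def text_of(msg):
    """Return the subject plus every text/* part, decoded to str."""
    chunks = [msg.get("Subject", "")]
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            data = part.get_payload(decode=True) or b""
            charset = part.get_content_charset() or "utf-8"
            chunks.append(data.decode(charset, "replace"))
    return "\n".join(chunks)

def classify(raw):
    """Verdict for one raw message: not-invite, deliver or quarantine."""
    msg = message_from_string(raw)
    if parseaddr(msg.get("From", ""))[1].lower() != INVITE_SENDER:
        return "not-invite"  # this rule only covers the invitation sender
    text = text_of(msg)
    hosts = [h.lower().rstrip(".") for h in URL_HOST_RE.findall(text)]
    tenant_link = any(h.endswith(".onmicrosoft.com") for h in hosts)
    has_phone = PHONE_RE.search(text) is not None
    # The sender is legitimate, so the verdict rests on content alone.
    return "quarantine" if tenant_link and has_phone else "deliver"

# Constructed sample messages (not taken from real mail).
HDR = "From: Microsoft Invitations <invites@microsoft.com>\nSubject: Invitation\n\n"
SCAM = (HDR + "Your payment of $399.99 was processed. For a refund call "
        "+1 (555) 010-0199.\nhttps://billing-support-example.onmicrosoft.com/redeem\n")
LEGIT = (HDR + "Alex invited you to access applications in their organization.\n"
         "https://contoso.onmicrosoft.com/redeem\n")
OTHER = ("From: Vendor <billing@vendor.example>\nSubject: Invoice\n\n"
         "Questions? Call 555-010-0123.\n")

if __name__ == "__main__":
    for name, raw in (("scam", SCAM), ("legit", LEGIT), ("other", OTHER)):
        print(name, classify(raw))
```
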
