July bonus Microsoft spear phishing

Area 1 Security has identified a new Microsoft phishing campaign, dubbed "Summer Bonus," targeting frontline workers during the pandemic. The attackers leverage social engineering techniques and flaws in legacy email solutions to deceive recipients into divulging their Microsoft credentials. Two variants of this campaign have been observed: one using Microsoft SharePoint notifications and another spoofing Microsoft Planner emails. Both phishing attempts lead victims to a fake login portal hosted on cloud-based platforms like Google AppSpot, Azure, and Amazon Web Services (AWS). The attackers use multiple cloud services throughout the attack process to evade detection.