Phishing remains one of the most common sources of initial compromise for organizations, so it is crucial to train employees to spot and report suspicious emails. In this attack, victims can spot the spoofed sender’s address, which is crafted to make the email appear to come from within their own organization. One can check for signs that this information may be spoofed by looking at the email header, specifically the “From”, “Reply-To” and “Return-Path” fields. Additionally, the credential harvesting page, which presents as a Microsoft 365 login page, was hosted on a variety of non-Microsoft domains. Malicious macros in attachments and credential harvesting pages are two of the most common methods threat actors employ in phishing attacks.
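One way to automate the header check described above, as an added example that is not part of the original text: it parses a raw message and compares the domains in the From, Reply-To and Return-Path fields. The sample message, its domains and the function names are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message; every address and domain here is made up.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
From: "IT Helpdesk" <helpdesk@corp.example.com>
Reply-To: support@corp-example-help.example.org
To: alice@corp.example.com
Subject: Password expiry notice

Your password expires today.
"""


def domain_of(header_value):
    """Return the lowercased domain of the address in a header, or ''."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower() if "@" in addr else ""


def header_findings(raw_message, internal_domains):
    """Compare From, Reply-To and Return-Path domains and list mismatches."""
    msg = message_from_string(raw_message)
    from_dom = domain_of(msg.get("From"))
    reply_dom = domain_of(msg.get("Reply-To"))
    rpath_dom = domain_of(msg.get("Return-Path"))

    if not from_dom:
        return ["From header missing or unparsable"]

    findings = []
    # Replies would be routed to a different domain than the visible sender.
    if reply_dom and reply_dom != from_dom:
        findings.append(
            f"Reply-To domain {reply_dom} differs from From domain {from_dom}")
    # The envelope sender recorded at delivery does not match the visible sender.
    if rpath_dom and rpath_dom != from_dom:
        note = (" (From claims an internal domain)"
                if from_dom in internal_domains else "")
        findings.append(
            f"Return-Path domain {rpath_dom} differs from From domain "
            f"{from_dom}{note}")
    return findings


if __name__ == "__main__":
    for finding in header_findings(SAMPLE, {"corp.example.com"}):
        print(finding)
```

A mismatch is a signal for review rather than proof of spoofing, since legitimate bulk-mail services often use their own Return-Path domain.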