Armorblox included recommendations for defending against these types of attacks including:
1. Supplement your native email security. The initial emails described by Armorblox snuck past the Google Workspace email security. For better protection, enhance your built-in email security with additional layers that protect against more advanced techniques.
2. Look out for social engineering cues. With email overload, it’s easy to be fooled by a malicious email that appears legitimate at first glance. Instead, engage with such emails in a methodical way. Inspect the sender’s name, email address and the language used within the email. Check for any inconsistencies in the message leading you to ask yourself such questions as: “Why is a Microsoft email being sent from a Gmail account?” and “Why are there no links in the email, even in the footer?”
3. Resist sharing sensitive information over the phone. Be wary of any unsolicited caller who asks for sensitive information or tells you to download something over the phone. If you feel the phone call is a scam, simply hang up. If the person provides a call-back number, don’t call it. Instead, search the company’s website for a customer service number and call that number instead.
4. Follow password best practices. To protect your online accounts, don’t reuse your passwords, avoid passwords that tie into your date of birth or other personal events, don’t use generic passwords, and rely on a password manager to create and maintain complex passwords. Further, set up multi-factor authentication (MFA) on your business and personal accounts wherever possible.

https://www.techrepublic.com/article/how-a-vishing-attack-spoofed-microsoft-to-try-to-gain-remote-access/?&web_view=true

https://www.armorblox.com/blog/blox-tales-microsoft-defender-vishing-anydesk/