
Cybercriminals are increasingly leveraging Microsoft Office Forms to launch sophisticated two-step phishing attacks, tricking users into divulging their Microsoft 365 (M365) login information. At present, certain individuals fall prey to these nefarious schemes, a testament to the attackers’ cunning use of familiar platforms. The technique, known as “external account takeover” or “vendor email compromise,” allows threat actors to infiltrate supply










