The phishing described here passes through the defense mechanisms because it was sent from Microsoft
Be cautious and alert users from accessing links impersonating permissions to receive a fax
In cases of doubt, they should consult you or me.
Title: Office 365 Users: Beware of Phishing Emails Pointing to Office Sway
Excerpt: “One of phishers’ preferred methods for fooling both targets and email filters is to use legitimate services to host phishing pages. The latest example of this involves Office 365 users being directed to phishing and malicious pages hosted on Office Sway, a web application for content creation that’s part of Microsoft Office. The email. The email that tries to trick recipients into visiting the phishing page isn’t stopped by Microsoft’s filters, likely because: It was sent from an onmicrosoft.com email address, Includes links in the email that point to sway.office.com and other trusted sites (e.g., LinkedIn). It pretends to be a fax receipt notice, shows a small image of the supposedly received fax, and asks the user to open the attachment to view it.”