Office 365 phishing campaign uses publicly hosted JavaScript code

A new phishing campaign targeting Office 365 users cleverly tries to bypass email security protections by combining chunks of HTML code delivered via publicly hosted JavaScript code. The phishing email and page The subject of the phishing email says “price revision” and it contains no body – just an attachment (hercus-Investment 547183-xlsx.Html) that, at first glance, looks like an Excel document, but is actually an HTML document that contains encoded text pointing to two URLs located, a free service for hosting JavaScript, and a separate chunk of HTML code.

Read full article on Help Net Security