References used: Associated Enterprises / Microsoft Outlook Exploit
“A difficult to detect phishing attack is catching Outlook users off guard, as it uses the built in Rules feature to forward emails to an attackers third party mailbox. In most cases the rules are configured to detect keywords related to finance, such as “Payment”, “Invoice” or “Bank”.
The malicious Outlook rules are created using traditional email phishing methods. The target will receive and email apparently from an existing contact or organisation known to them. A link in the phishing email takes the user to a fake Office 365 login page and requests the user’s credentials. When they have been entered the log-in fails, but the attackers can the install an Email Forwarding rule in to the target’s Outlook rules.”