A new phishing campaign is actively targeting Microsoft Office 365 users and administrators with the end goal of compromising their entire email system and using newly created accounts on the domain to deliver future phishing emails.
The attackers use phishing emails (Scam) designed to look like they are coming from Microsoft, with the Office 365 logo shown at the top, and delivered using “validated domains” “from a legitimate organization’s Office 365 infrastructure” as PhishLabs found.

What is Phishing?
Phishing attacks are email messages try to use social engineering and information gathering, so hackers use deception to manipulate you into providing confidential or personal information, and then use that information for fraudulent purposes. Phishing attacks usually come as email. Hackers pose as trustworthy people and organizations to trick you into giving them sensitive data like your username, password, social security number, or credit card information. And sometimes they can get these details by asking you to click a link to renew your account or download an invoice, but it will gather your information as soon as you click the link.