New twist on a classic phishing email scam
Geraint Williams
CISO @ Modern Networks - Protecting Modern Networks and its clients. Franchise Owner @ Going Digital East Anglia · Part-time photography and coach
Whilst going through the phishing emails the company receives, as part of ensuring training material is up to date and to get ideas for phishing tests, a variant of the classic 'email settings are out of date' scam was spotted among those we intercept. What made this one stand out was that the URL presented to the recipient to click on led to a page on Microsoft's survey server (forms.office.com); the attacker had set up a survey to collect the credentials of those falling for the scam. The use of a genuine Microsoft service could give credence to the scam for those being targeted, causing them to enter their details. The form used in the phishing email I looked at has been removed by Microsoft's security team. This type of attack could be more successful if the attackers had identified employees working in IT operations and spoofed their email addresses as part of a more targeted campaign.
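A mail-triage check for the pattern described above, as an added example that is not part of the original post: it flags messages that pair account-maintenance wording with a link whose parsed hostname is exactly forms.office.com. The lure word lists, function names and sample messages are constructed assumptions.

```python
import re
from email import message_from_string, policy
from urllib.parse import urlsplit

# Form-hosting hosts to watch; forms.office.com is the one named in the post.
FORM_HOSTS = {"forms.office.com"}
# Constructed lure vocabulary (assumption): a mail/account topic plus a prompt to act.
TOPIC = re.compile(r"\b(e-?mail|mailbox|account|password)\b", re.I)
ACTION = re.compile(r"\b(out of date|outdated|expired?|verify|update|re-?validate)\b", re.I)
URL_RE = re.compile(r"https?://[^\s\"'<>)]+", re.I)

def form_links(text):
    """Return URLs whose parsed hostname is exactly a watched form host."""
    hits = []
    for url in URL_RE.findall(text):
        # Compare the parsed hostname, not a substring: a userinfo trick such as
        # https://forms.office.com@other.example/ resolves to other.example.
        host = (urlsplit(url).hostname or "").lower().rstrip(".")
        if host in FORM_HOSTS:
            hits.append(url)
    return hits

def assess(raw_email):
    """Flag a message that pairs account-maintenance wording with a form link."""
    msg = message_from_string(raw_email, policy=policy.default)
    part = msg.get_body(preferencelist=("plain", "html"))
    text = f"{msg['Subject'] or ''}\n{part.get_content() if part else ''}"
    lure = bool(TOPIC.search(text) and ACTION.search(text))
    links = form_links(text)
    # A lure with no form link is left to ordinary URL-reputation rules.
    return {"lure": lure, "form_links": links, "flag": lure and bool(links)}

# Constructed sample messages (not taken from the original email).
def _mail(subject, body):
    return f"From: IT Support <it@example.com>\nSubject: {subject}\n\n{body}\n"

PHISH = _mail("Your email settings are out of date",
              "Update your mailbox settings here: https://forms.office.com/r/EXAMPLE0001")
SURVEY = _mail("Team lunch", "Pick a date: https://forms.office.com/r/EXAMPLE0002")
USERINFO = _mail("Your email settings are out of date",
                 "Update here: https://forms.office.com@login.example.net/r/x")

if __name__ == "__main__":
    for name, raw in (("phish", PHISH), ("survey", SURVEY), ("userinfo", USERINFO)):
        print(name, assess(raw))
```

Because ordinary surveys also live on the same host, the form link alone is not treated as a signal; only the combination with the lure wording raises the flag for review.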