Recently we have seen an uptick in phishing attacks from <name>@<something>.microsoftonline.com accounts. These attacks are primarily seeking to gain access to an individual's Microsoft account login information, but what is really chilling is that the email's content includes a list of other accounts within the group. For example, an email sent to A1@**** with a subject of "Your Office 365...statement is ready" lists each email address within the account.
If the users' email were routed to Microsoft Outlook, it could be used to report the issue. These users obtain their emails through another source, so Outlook.com abuse reporting is not available.
What we have done is capture the metadata from the email, trace the owner of the <name>@<something>.microsoftonline.com account, etc. The information is then provided to the FBI Cyber Crime unit.
What is chilling is the level of accuracy of the accounts listed in the email. How would a general (non-Microsoft) MicrosoftOnline.com account get access to the emails associated with a subscription that they do not have access to?
Anyone else seen this pattern?