Phishing campaign using legitimate SaaS platforms saw 133,260 emails target over 20,000 organizations. Attackers exploited platform features to send authentic-looking scam emails, bypassing traditional detection methods. Techniques included manipulating user fields to create legitimate notifications from companies like Microsoft and Amazon, urging victims to call attacker-controlled phone numbers instead of clicking links. This trend reflects a strategic shift towards trust-based attacks, highlighting vulnerabilities in widely-used enterprise services and the need for improved detection strategies.
