Most phishing campaigns use social engineering and brand impersonation to attempt to take over accounts and trick the victim into divulging their credentials. PhishLabs has uncovered a previously unseen tactic by attackers that uses a malicious Microsoft Office 365 App to gain access to a victim's account without requiring them to give up their credentials to the attackers. In this technique, the
![Phishing Campaign Uses Malicious Office 365 App](https://cdn-ak-scissors.b.st-hatena.com/image/square/5a9aca6ec1576bd4010333c2ed2bd770eafb22fd/height=288;version=1;width=512/https%3A%2F%2Fwww.phishlabs.com%2Fsites%2Fdefault%2Ffiles%2F2024-04%2FOffice%2520365%2520Add%2520In.png)