Amazon Gift Card Email Hooks Microsoft Credentials

Cofense Phishing Defense Center identified a credential-phishing campaign that sends spoofed Amazon e-gift emails claiming to be employer rewards; victims are redirected from a fake redemption site (egift.activationshub.com) to a fraudulent Microsoft sign-in page (sso.officefilecenter.com) to harvest Outlook/Microsoft credentials. The report includes IOCs: two malicious URLs and their associated IP addresses and notes the domains were newly registered.