Beware of the Latest Phishing Tactic Targeting Employees

This Cofense blog dissects a credential-harvesting phishing campaign that impersonates a company's HR department to trick employees into submitting Microsoft credentials on a fake login page; after capturing credentials the attack redirects victims to the legitimate SSO (e.g., Okta) to conceal the compromise. The report includes multiple IoCs (malicious URLs and IPs), details the social-engineering tactics and attack flow, and recommends security awareness training and layered email defenses.