A phishing campaign targeting Office 365 users sends emails disguised as project team invitations from a company director. The spoofed message redirects to a fake Microsoft 365 login page with SSL certificates and Microsoft branding. Entering credentials gives attackers full account access. Users should always verify sender addresses and inspect URLs carefully.