Researchers at WMC Global spotted a new sneaky Office 365 phishing campaign, targeted at Office 365 users, still at the login page. The strategy involves inverting the background colors of the image presented to the user at login, causing the image hash to differ from the original. This hinders scanning engines ability to flag the image altogether.
The phishing kit further reverts the inverted image, using Cascading Style Sheets (CSS), to make the image look just like the original, legitimate background image of Office 365 login pages. Phishing engines are highly unlikely to detect the image as being an inverted copy of the Office 365 background.
While it is hard to spot fake login pages, staying away from unsolicited links and forms might save users from further trouble. Using a powerful antiivirus or antimalware detection engine should also help.
Read more about it here.