A new large-scale phishing campaign targeting credentials for Microsoft email services use a custom proxy-based phishing kit to bypass multi-factor authentication. Researchers believe the campaign's goal is to breach corporate accounts to conduct BEC attacks, diverting payments to bank accounts under their control using falsified documents. The phishing campaign's targets include fin-tech, lending, accounting, insurance, and Federal Credit Union organizations in the US.