According to this link, https://www.bleepingcomputer.
- The attackers were after credentials for Microsoft accounts and created a page that mimics the original for selecting an account and logging in
- This is served after completing the human verification step. Needless to say that anything typed in the text fields is automatically sent to the attacker
- According to the researchers, the email delivering the phishing link is from a compromised account from ‘avis.ne.jp‘ and pretends to be a notification for voicemail message