Scam Summary: A fake file sharing scam using different "From" names and compromised accounts sends a link that leads recipients to a fake MS365 site. After entering their password the victim may be induced to approve a DUO mfa phone call challenge.

If a recipient responds by entering their credentials, this will result in theft of their credentials and the compromise of their account. Newly compromised accounts are then used to message new recipients and disseminate more scam document shares both at Michigan and sometimes other institutions.