Phishing sensitive data from the Outlook Web Access Preview panel
As phishing tactics evolve, common advice like "don’t click suspicious links" and "verify the sender" may no longer be enough. This article explores a lesser-known phishing vector involving interactive PDF forms, which can extract sensitive data from users who never even leave the secure Office 365 environment. Discover how Chrome-based browsers handle these PDFs and why Microsoft has classified this issue as a low-severity vulnerability, leaving users potentially exposed until a fix is implemented.