Attackers check the victims’ Office 365 credentials in real time as they are typed into the phishing landing page, by using authentication APIs. Read more