Below are a series of links to the main Microsoft Defender for Office 365 blog. Shortcuts added here as this is one of my shared bookmarks.
Note that some links have KQL queries and IOCs related to that specific attack.
From cookie theft to BEC: Attackers use AiTM phishing sites as entry point to further financial fraud
Evolved phishing: Device registration trick adds to phishers’ toolbox for victims without MFA
Note that compromised end user connected to EXO as part of this attack.
Trend-spotting email techniques: How modern phishing emails hide in plain sight
Widespread credential phishing campaign abuses open redirector links
Protect against phishing with Attack Simulation Training in Microsoft Defender for Office 365
Franken-phish: TodayZoo built from other phishing kits
Catching the big fish: Analyzing a large-scale phishing-as-a-service operation
Get free DMARC visibility with Valimail Authenticate and Microsoft Office 365
Microsoft delivers comprehensive solution to battle rise in consent phishing emails
See also the documentation to protect against conscent phishing.
Behind the scenes of business email compromise: Using cross-domain threat data to disrupt a large BEC campaign