The attackers send emails that impersonate automatically generated notifications from a legitimate file-sharing site such as OneDrive. These emails contain links to malicious content stored on a legitimate site.
When a target clicks the link in the email, they are directed to the legitimate file-sharing site, but when they interact with the content there, they are redirected to a malicious site.
The attackers also create online forms that look like the login pages of well-known companies and send links to these forms to the targets. Unsuspecting targets may end up entering their credentials on the fraudulent form, and those credentials may then be misused by the fraudsters.
Popular sites being abused by attackers include storage.googleapis.com, docs.google.com, storage.cloud.google.com, sendgrid.net, sway.office.com, drive.google.com, mailchimp.com, etc.
CAUTION FOR PUBLIC:
Enabling multi-factor authentication for accounts may help protect against a breach even if the username and password have been stolen or compromised.
E-mail users should always be cautious when dealing with such suspicious emails, and it is better not to click on them.
In addition to traditional spam filters, organizations may also deploy artificial intelligence based email security solutions to perform anomaly-based detection.
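As an added example (not part of the original advisory), the following Python code shows a mail-triage check built on the list of sites above: it extracts links from a message, matches each host against the listed services, and records whether the sender's domain belongs to the same service. The names `LISTED_HOSTS`, `matched_service` and `triage` and the sample message are constructed for illustration; since these services are legitimate, a hit is a prompt for review rather than a verdict.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from urllib.parse import urlsplit

# Hosting services named in the advisory as commonly abused.
LISTED_HOSTS = {
    "storage.googleapis.com", "docs.google.com", "storage.cloud.google.com",
    "sendgrid.net", "sway.office.com", "drive.google.com", "mailchimp.com",
}
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

# Constructed sample message (not a real email); all addresses are placeholders.
SAMPLE = """From: "File Share" <notify@mail.example.org>
To: user@example.com
Subject: A document was shared with you
Content-Type: text/plain; charset="utf-8"

View: https://storage.googleapis.com/constructed-bucket/invoice.html
Help: https://docs.google.com.example.net/login
"""


def matched_service(host):
    """Return the listed service that host equals or is a subdomain of."""
    host = (host or "").lower().rstrip(".")
    for svc in LISTED_HOSTS:
        if host == svc or host.endswith("." + svc):
            return svc
    return None  # lookalikes such as docs.google.com.example.net end up here


def triage(raw_email):
    """List links to listed services and whether the sender domain aligns."""
    msg = message_from_string(raw_email, policy=policy.default)
    sender = parseaddr(str(msg.get("From", "")))[1].rpartition("@")[2].lower()
    findings = []
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        for url in URL_RE.findall(part.get_content()):
            svc = matched_service(urlsplit(url).hostname)
            if svc:
                # Last two labels: a rough stand-in for the registrable domain.
                base = ".".join(svc.split(".")[-2:])
                aligned = sender == base or sender.endswith("." + base)
                findings.append({"url": url, "service": svc, "sender_aligned": aligned})
    return findings
```

Entries with `sender_aligned` set to `False` are the ones to queue for closer inspection, for example by a mail gateway or an analyst.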