first_app_guy
showcase

Fake Microsoft alerts dropping malware now?

Just saw the NarwhalRAT campaign details and I'm honestly impressed by the operational security maturity here. Not the usual fake invoice or shipping notification - they went straight for Microsoft Account security alerts. That's psychologically brutal. Your brain is wired to panic-click when "unauthorized sign-in" pops up. They weaponized your own security anxiety.

What gets me is the delivery chain elegance. No macro-enabled Office doc, no sketchy ZIP. They're using legitimate cloud storage redirects and HTTPS links to bypass email gateways that still flag HTTP as suspicious. The malware itself? Go-based cross-platform. That's not your grandpa's North Korean malware. ScarCruft evolved.

Here's the terrifying part: most corporate users would pass this phishing test. The email looks identical to real Microsoft alerts. The landing page clones the login. The only giveaway? Maybe the domain if you squint. But who inspects domains when they think their account is compromised?

Are your users trained to spot "security alert" phishing specifically? Or are you still running the same "suspicious attachment" training from 2019? Because the threat model just shifted.
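Added example (not part of the original post, and not taken from any campaign report): a mail-pipeline check that does the domain inspection the post says users skip, flagging Microsoft-branded alerts whose links resolve to hosts outside an allowlist, regardless of HTTPS. The allowlist, the brand keywords and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from urllib.parse import urlsplit

# Assumption: registrable domains a genuine Microsoft account alert links to.
TRUSTED_SUFFIXES = ("microsoft.com", "live.com", "microsoftonline.com")
# Assumption: phrases that mark a message as posing as a Microsoft alert.
BRAND_RE = re.compile(r"microsoft|unusual sign-in|unauthorized sign-in", re.I)
HREF_RE = re.compile(r'href=["\'](https?://[^"\']+)["\']', re.I)

def host_is_trusted(host):
    # Exact match or true subdomain only; a substring test would accept
    # lookalikes such as account.microsoft.com.login.example.org.
    host = host.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in TRUSTED_SUFFIXES)

def suspicious_links(raw_email):
    """Return sorted link hosts outside the allowlist in a Microsoft-branded alert."""
    msg = message_from_string(raw_email)
    body = "".join(
        part.get_payload(decode=True).decode(
            part.get_content_charset() or "utf-8", "replace")
        for part in msg.walk()
        if part.get_content_type() in ("text/html", "text/plain")
    )
    if not BRAND_RE.search(msg.get("Subject", "") + " " + body):
        return []  # not posing as a Microsoft alert; out of scope here
    hosts = {urlsplit(u).hostname or "" for u in HREF_RE.findall(body)}
    return sorted(h for h in hosts if not host_is_trusted(h))

# Constructed sample: every link is HTTPS, two of three leave Microsoft's domains.
SAMPLE = """\
From: Microsoft account team <security@alerts.example>
Subject: Microsoft account unusual sign-in activity
MIME-Version: 1.0
Content-Type: text/html; charset=utf-8

<p>We detected an unauthorized sign-in.</p>
<a href="https://storage.example.net/r?u=abc">Review recent activity</a>
<a href="https://account.microsoft.com/security">Security settings</a>
<a href="https://account.microsoft.com.login.example.org/">Sign in</a>
"""

if __name__ == "__main__":
    for host in suspicious_links(SAMPLE):
        print("off-brand link host:", host)
```

A hit here is a signal for quarantine or banner-tagging rather than proof of phishing, since legitimate mail can also mention Microsoft and link elsewhere.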