Attacker-controlled Microsoft 365 SharePoint tenant URL used as phishing destination; designed to look like legitimate vendor SharePoint while inheriting sharepoint.com's clean reputation