David, an incident responder, investigates an email-based breach where the CFO's email account was compromised and used to send invoice modification requests to vendors. Logs reveal the attacker accessed the account using valid credentials after the CFO clicked on a fake Microsoft 365 login prompt sent via email. Which technique did the attacker most likely use?
Submit