A sophisticated Gmail phishing campaign uses fake voicemail notifications and leverages Microsoft Dynamics’ infrastructure to bypass security filters and steal login credentials. Victims are redirected through multiple spoofed pages, including a fake Gmail login that captures passwords, 2FA codes, and recovery info using obfuscated JavaScript and AES encryption. Security teams are urged to block domains like horkyrown[.]com and educate users about these advanced, multi-stage phishing tactics.