I have beed asked by the Security department related the following Topic described in the links below:

https://www.avanan.com/resources/basestriker-vulnerability-office-365
https://thehackernews.com/2018/05/microsoft-safelinks-phishing.html
https://securityaffairs.co/wordpress/72279/hacking/basestriker-attack-technique.html

Security researchers at cloud security company Avanan have discovered a technique, dubbed baseStriker, used by threat actors in the wild to bypass the Safe Links security feature of Microsoft Office 365.

The Safe Links feature is designed by Microsoft to protect Office users from malicious codes and phishing attacks, it is part of Microsoft’s Advanced Threat Protection (ATP).

Beginning in late October 2017, ATP Safe Links protection is being extended to apply to web addresses (URLs) in email as well as URLs in Office 365 ProPlus documents, such as Word, Excel, PowerPoint on Windows, iOS, and Android devices, and Visio files on Windows.

The security feature works by replacing all URLs in an incoming email with Microsoft-owned secure URLs.

When the user clicks on a link included in an incoming email, it first redirects the user to a domain operated by Microsoft to checks the original URL for anything suspicious. If the scan detect a suspicious activity, it then warns users, otherwise, the user is redirected to the original link.

BaseStriker attack technique leverages the <base> URL tag in the header of an HTML email to split and disguise a malicious link.