Scammers are impersonating Microsoft in phishing attacks to steal data, plant malware, and launch more attacks from compromised accounts, with 76% of the attacks occurring in the US.