A new phishing automation platform called Quantum Route Redirect (QRR) is targeting Microsoft 365 users by employing around 1,000 domains to steal their credentials. The platform is designed for ease of use, enabling even less experienced cybercriminals to launch effective phishing attacks. Since August, KnowBe4, a security awareness company, has tracked these attacks, with a significant concentration in the U.S., where nearly 76% of incidents have been reported. QRR operates by sending malicious emails that mimic legitimate communications, such as DocuSign requests or payment notifications. These emails lead victims to credential harvesting pages that follow a specific URL pattern, often hosted on compromised or parked domains. This tactic helps attackers exploit trust by using seemingly credible sources. The platform includes a filtering mechanism to differentiate between human users and automated security systems, ensuring that phishing pages are only shown to actual targets. The QRR kit logs real-time statistics on its dashboard, allowing operators to monitor the effectiveness of their attacks. KnowBe4 has observed QRR phishing campaigns across 90 countries, but the majority are aimed at U.S. users. Analysts anticipate that the use of QRR will increase as it adapts to evade detection by URL scanning technologies. To counter this threat, robust URL filtering and monitoring tools are recommended to detect and respond to potential phishing attempts and compromised accounts.