Cybercriminals are using legitimate Office 365 services to launch attacks