Microsoft warns of credential phishing attack abusing open redirect links