Two separate techniques show how attackers are leaning on user trust - one through a promoted macOS lure, the other through browser-based Microsoft 365 token abuse.