This Microsoft 365 phishing campaign can bypass MFA - here's what we know


  • Researchers spotted a new phishing campaign, abusing Dynamics 365 Customer Voice
  • Microsoft's tool has more than 500,000 users
  • Many of the users are Fortune 500 companies

Researchers from Check Point have discovered a new phishing campaign, abusing a legitimate Microsoft product in an attempt to steal people’s login credentials.

In a new blog post, published earlier this May, the researchers said that the unnamed attackers would send phishing emails from previously compromised accounts, and would include fake Dynamics 365 Customer Voice links.

Dynamics 365 Customer Voice is a tool designed to help businesses collect, analyze, and act on customer feedback in real time. It includes things like voice recordings, customer review monitoring, surveys, and similar. According to Check Point, the pool of potential targets is vast, since the tool is used by at least 500,000 organizations, including 97% of Fortune 500 companies.


Thousands of targets

The topics of the emails are financially focused, the researchers added. Subject lines usually revolve around settlement statements, ALTA, EFT payment info, or closing disclosures. In one example the researchers describe, a link leading to the malicious landing page sits right next to a legitimate link. The malicious link first takes the victims to a CAPTCHA page, after which they are redirected to a credential harvesting page.

Check Point also said that the attackers are able to capture MFA codes as well, although they didn’t explain exactly how it is being done.

So far, the attackers have managed to send more than 3,000 emails, targeting at least a million different inboxes. These belong to more than 350 organizations, the researchers said, hinting that this has already turned into a large, dangerous campaign.

Victims are mostly “well-established community betterment groups, colleges and universities, news outlets, a prominent health information group, and organizations that promote arts and culture.”

Unfortunately, it is impossible to tell how many login credentials the miscreants managed to obtain so far. Apparently, Microsoft blocked some of the phishing pages already.


Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
