- The researchers spotted a new phishing campaign, abusing Dynamics 365 Customer Voice
- Microsoft’s tool has more than 500,000 users
- Many users are fortune companies 500
Check Point researchers have discovered a new phishing campaign, abusing a legitimate Microsoft product to try to steal people’s identification information.
In a new blog article, published earlier in May, the researchers said that the nameless attackers would send phishing emails from previously compromised accounts and include the false vocal links of customers of the dynamics 365.
Dynamics 365 Customer Voice is a tool designed to help companies collect, analyze and act on customer comments in real time. It includes things such as voice recordings, monitoring customer reviews, surveys and similar. According to Check Point, the landscape of threats is vast and quite powerful, because it is used by at least 500,000 organizations, including 97% of fortune companies 500.
Thousands of targets
E-mail subjects are financially targeted, the researchers added. The object lines generally revolve around settlements of settlement, alta, payment information is or closing disclosure. In an example, researchers would add a link leading to the malicious destination page, right next to a legitimate link. The malicious link first takes the victims to a Captcha page, after which they are redirected to an identification harvest page.
Check Point also said that attackers are able to also capture MFA codes, although they did not explain exactly how it is done.
So far, the attackers have managed to send more than 3,000 emails, targeting at least a million different reception boxes. These belong to more than 350 organizations, said the researcher, suggesting that this has already transformed into a large dangerous campaign.
The victims are mainly “well -established community improvement groups, colleges and universities, media, a group of leading health information and organizations that promote arts and culture”.
Unfortunately, it is impossible to say how much connection identification that the disbelievers have managed to obtain so far. Apparently Microsoft has already blocked some of the phishing pages.
