Hackers Abuse Microsoft Customer Voice in Phishing Campaign… Legitimate Microsoft Links Used to Bypass Security Filters

Researchers at Avanan, a Check Point Software Company, have released a report discussing how hackers are impersonating Microsoft’s Dynamic 365 Customer Voice to send credential harvesting pages.

In this attack, victims are presented with an email from the survey feature in Dynamics 365, notifying them that a new voicemail from a customer has been received. Using a legitimate Customer Voice link from Microsoft, end users are encouraged to listen to the voicemail by clicking on the provided link that instead redirects them to a phishing page. 

You can read the full report here.

Leave a Reply

%d bloggers like this: