Hackers Continue to Abuse Microsoft Customer Voice in Phishing Campaign – But With a Twist

A few months ago, researchers at Avanan, a Check Point Software Company, wrote about how hackers are utilizing Microsoft’s Dynamics 365 Customer Voice platform to send phishing links.

Avanan has released its latest blog on how hackers are changing up their tactics with a new variation of this attack that continues to leverage Microsoft Voice.

This email campaign starts with what appears to be a new document (a fax notification) sent from SharePoint alerting the user that the document contains “particularly sensitive or confidential information.” and will expire in 14 days. Following the prompts directed end-users to a OneDrive look-alike page where login credentials are entered and stolen. 

You can read about the evolution of this attack here.

Leave a Reply

%d bloggers like this: