Microsoft’s Dynamics 365 the latest program used by hackers to exploit customer data

Avanan, a Check Point Software Company has shared the latest tactics being deployed by hackers to take advantage of vulnerable consumers.

Dynamics 365 Customer Voice, a Microsoft product primarily used to gain feedback from customers via satisfaction surveys, is being exploited by hackers using the program to send phishing links in an attempt to steal customer information.

Avanan has seen a dramatic increase in Dynamics 365 attacks in recent weeks, with hackers using spoofed scanner notifications to send malicious files. Hackers are continually using what Avanan calls ‘The Static Expressway’ to reach end-users – a technique that leverages legitimate sites to get past security scanners.

“This opportunity has been created for hackers due to a lack of items being blocked from what are perceived as trusted “Microsoft” sources.” says Avanan

This is a particularly difficult attack for consumers to detect with the phishing link – the tool being used to exploit customers – not appearing until the final step.

Users are first directed to a legitimate page – meaning hovering over the URL in the email body won’t trigger a protection response. These attacks are incredibly difficult to stop for scanners and even harder for users to identify.

Email Example 1

This email comes from the survey feature in Dynamics 365. Interestingly, you’ll notice the sending address has “Forms Pro” in it, which is the old name of the survey feature. The email shows that a new voicemail has been received. To the end user, this looks like a voicemail from a customer, which would be important to listen to. Clicking on it is the natural step.

Email Example 2

This is a legitimate Customer Voice link from Microsoft. Because the link is legit, scanners will think that this email is legitimate. However, when clicking upon the “Play Voicemail” button, hackers have more tricks up their sleeves. The intent of the email is not in the voicemail itself; rather, it is to click on the “Play Voicemail” button, which redirects to a phishing link.

Email Example 3

Once you click on the voicemail link, you are redirected to a look-alike Microsoft login page. This is where the threat actors steal your username and password. Notice the URL is different from a typical Microsoft landing page.

To help consumers best protect themselves from potential hacks, Avanan suggests the following:

Always hover over all URLs, even those not featured in the body of the email
When receiving an email with a voicemail, determine if this is a typical email you would usually receive before engaging with its contents
If you’re ever unsure about an email, enquire with the original sender

Avanan has also recently seen an increase in similar attacks through other platforms, including Facebook, PayPal, QuickBooks, and more.