Abusing Microsoft Dynamics 365 Customer Voice in phishing attacks

Pierluigi Paganini November 07, 2022

Researchers uncovered a campaign abusing Microsoft Dynamics 365 customer voice to steal credentials from the victims.

Microsoft’s Dynamics 365 Customer Voice product allows organizations to gain customer feedback, it is used to conduct customer satisfaction surveys.

Researchers from cybersecurity firm Avanan, uncovered a campaign abusing Microsoft Dynamics 365 customer voice to steal credentials from the victims.

The experts reported hundreds of these attacks in the last few weeks. The emails comes from the survey feature in Dynamics 365, the senders’ address includes “Forms Pro,” which is the old name of the survey feature.

Dynamics 365 Customer Voice

The message informs the recipient that a new voicemail has been received. Upon clicking on the Play Voicemail button, the recipient is redirected to a phishing link that points to a page that clones the Microsoft login page.

Using Customer Voice links, threat actors are able to bypass security measures.

“Hackers continually use what we call The Static Expressway to reach end-users. In short, it’s a technique that leverages legitimate sites to get past security scanners. The logic is this: Security services can’t outright block Microsoft–it would be impossible to get any work done. Instead, these links from trusted sources tend to be automatically trusted. That has created an avenue for hackers to insert themselves.” reads the post published by Avanan.

The researchers recommend to be suspicious of any incoming email asking the recipient to click on a link to check voicemails. Below are the suggestions provided by the experts:

  • Always hover all URLs, even those not in the email body
  • When receiving an email with a voicemail, ensure this is a typical type of email received before thinking of engaging
  • If ever unsure about an email, ask the original sender

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, phishing)

[adrotate banner=”5″]

[adrotate banner=”13″]




you might also like

leave a comment