Avanan, a Check Point software company, shared the latest tactics hackers are deploying to take advantage of vulnerable consumers.
Dynamics 365 Customer Voice, a Microsoft product primarily used to obtain customer feedback through satisfaction surveys, is being exploited by hackers using the program to send phishing links in an attempt to steal customer information.
Avanan has seen a dramatic increase in Dynamics 365 attacks in recent weeks, with hackers using fake scanner notifications to send malicious files. Hackers continually use what Avanan calls the “static highway” to reach end users – a technique that exploits legitimate sites to pass security scanners.
“This opportunity has been created for hackers due to the lack of blocked material from what are perceived to be trusted ‘Microsoft’ sources.” says Avanan
This is a particularly difficult attack for consumers to detect, with the phishing link – the tool used to exploit customers – only appearing in the final stage.
Users are taken to a legitimate page first, which means hovering over the URL in the body of the email will not trigger a protection response. These attacks are incredibly hard for scanners to stop and even harder for users to identify.
Email Example 1
Email Example 2
Email Example 3
To help consumers best protect themselves against potential hacks, Avanan suggests the following:
- Always hover over all URLs, even those not in the body of the email
- When you receive an email with a voicemail message, determine if it is a typical email you would usually receive before engaging with its content
- If you are ever unsure about an email, check with the original sender
Avanan has also recently seen an increase in similar attacks via other platforms, including Facebook, PayPal, QuickBooks, and more.
