Microsoft’s Dynamics 365, the latest program used by hackers to mine customer data


Avanan, a Check Point software company, shared the latest tactics hackers are deploying to take advantage of vulnerable consumers.

Dynamics 365 Customer Voice, a Microsoft product primarily used to obtain customer feedback through satisfaction surveys, is being exploited by hackers using the program to send phishing links in an attempt to steal customer information.

Avanan has seen a dramatic increase in Dynamics 365 attacks in recent weeks, with hackers using fake scanner notifications to send malicious files. Hackers continually use what Avanan calls the “static highway” to reach end users – a technique that exploits legitimate sites to pass security scanners.

“This opportunity has been created for hackers due to the lack of blocked material from what are perceived to be trusted ‘Microsoft’ sources.” says Avanan

This is a particularly difficult attack for consumers to detect, with the phishing link – the tool used to exploit customers – only appearing in the final stage.

Users are taken to a legitimate page first, which means hovering over the URL in the body of the email will not trigger a protection response. These attacks are incredibly hard for scanners to stop and even harder for users to identify.

Email Example 1

This email is from the survey feature in Dynamics 365. Interestingly, you’ll notice that the sender address contains “Forms Pro”, which is the old name for the survey feature. The email indicates that a new voicemail has been received. To the end user, this sounds like a voice message from a customer, which it would be important to listen to. Clicking on it is the natural step.

Email Example 2

This is a legitimate Customer Voice link from Microsoft. Because the link is legitimate, scanners will think this email is legitimate. However, by clicking on the “Play Voicemail” button, hackers have more tricks up their sleeve. The intent of the email is not in the voicemail itself; rather, it’s about clicking the “Play Voicemail” button, which redirects to a phishing link.

Email Example 3

Once you click on the voicemail link, you are redirected to a similar Microsoft sign-in page. This is where threat actors steal your username and password. Note that the URL is different from a typical Microsoft landing page.

To help consumers best protect themselves against potential hacks, Avanan suggests the following:

  • Always hover over all URLs, even those not in the body of the email
  • When you receive an email with a voicemail message, determine if it is a typical email you would usually receive before engaging with its content
  • If you are ever unsure about an email, check with the original sender

Avanan has also recently seen an increase in similar attacks via other platforms, including Facebook, PayPal, QuickBooks, and more.


About Author

Comments are closed.