- The researchers saw a new Phishing campaign, abusing Dynamics 365 Voice Client
- The Microsoft tool has more than 500,000 users
- Many of the users are Fortune 500 companies
Check Point researchers have discovered a new Phishing campaign, abusing a legitimate product of Microsoft in an attempt to steal people’s login credentials.
In a new blog post, previously published in May, the researchers said that unidentified attackers would send electronic pHishing emails previously compromised and include voice links from the client Fake Dynamics 365.
Dynamics 365 Customer Voice is a tool designed to help companies collect, analyze and act on customer comments in real time. It includes things like voice recordings, monitoring of customer reviews, surveys and the like. According to Check Point, the threat panorama is vast and quite powerful, since it is used by at least 500,000 organizations, including 97% of Fortune 500 companies.
Thousands of objectives
Electronic emails are financially focused, the researchers added. The subject lines generally revolve around the liquidation, high, EFT payment information or closing disseminations. In an example, researchers would add a link that leads to the malicious destination page, right next to a legitimate link. The first malicious link takes the victims to a captcha page, after which they are redirected to a credential collection page.
Check Point also said that attackers can also capture MFA codes, although they did not explain exactly how it is being done.
Until now, the attackers managed to send more than 3,000 emails, pointing at least one million different entrance trays. These belong to more than 350 organizations, said the researcher, hinting that this has already become a large and dangerous campaign.
The victims are mostly “well -established community improvement groups, colleges and universities, media, an outstanding health information group and organizations that promote arts and culture.”
Unfortunately, it is impossible to know how many login credentials managed to obtain criminals so far. Apparently, Microsoft blocked some of the phishing pages.
