Cyber criminals use legitimate Microsoft Dynamic 365 Customer Voice software to send phishing links to steal customer data. Security researchers from Avanan and CheckPoint show how insidious the whole thing is.
Dynamics 365 Customer Voice is a Microsoft product primarily intended to receive feedback from customers. It can be used for customer satisfaction surveys to track feedback and aggregate data into actionable insights. Additionally, it can also be used to interact with over the phone, collecting the data for further customer input. Instead of using this feature to collect customer feedback, cyber criminals are now trying to steal their data.
Static Expressway bypasses security scanners
They take advantage of the so-called Static Expressway, a technique that legitimate websites exploit to bypass security scanners. The logic is this: security services cannot simply block Microsoft - otherwise it would be impossible for all users of Microsoft services to do their job. Instead, these links from trusted sources are usually automatically trusted. This has given cybercriminals an opportunity to sneak in.
Similar examples of this can be found on Facebook, PayPal, QuickBooks or others. It's incredibly difficult for security solutions to figure out what's real and what's behind the seemingly legitimate link. Also, while many services recognize a link from a known address, they do not scan it by default.
Phishing link is not recognizable
🔎 The link to the voice mail looks safe - but then leads to a phishing page (Image: Avanan).
This is a particularly tricky attack as the phishing link only appears in the last step. Users are first redirected to a legitimate page - so hovering over the URL in the email body offers no protection. In this case, it's important to remind users to pay attention to all URLs, even if they're not in an email. These attacks are very difficult for scanners to stop and even more difficult for users to detect.
To protect against these attacks, users can do the following:
- Thoroughly review all URLs, including those that aren't in the body of the email.
- If you receive an email with a voicemail, make sure it's a known type of email before engaging in it.
- If you're unsure about an email, ask the original sender on another communication channel.
About check point Check Point Software Technologies GmbH (www.checkpoint.com/de) is a leading provider of cybersecurity solutions for public administrations and companies worldwide. The solutions protect customers from cyberattacks with an industry leading detection rate for malware, ransomware and other types of attacks. Check Point offers a multi-level security architecture that protects company information in cloud environments, networks and on mobile devices, as well as the most comprehensive and intuitive “one point of control” security management system. Check Point protects over 100.000 businesses of all sizes.