Cybercriminals abuse Microsoft Dynamics 365 in phishing attacks

Microsoft services allow you to create forms with embedded links, a feature that phishers take advantage of. Since the service is legitimate, users feel safe when opening these links.
See example: https://app.any.run/tasks/b98c9525-1d5b-49c0-95c1-34a2048e14dc/

Our team followed the trail of R2 buckets and took on the challenge of finding even more trusted domains being misused as phishing lures.

With TI Lookup, we uncovered a link that tricked users into attempting to access a non-existent PDF file hosted on a legitimate Microsoft website.

Phishing URL:
hxxps://customervoice.microsoft[.]com/Pages/ResponsePage.aspx?id=N_pyUL0QJkeR_KiXHZsVlyTB1Qoy7S9IkE8Ogzl8coFUNVIzNlI5MEhCNlBPRFMwMklUV0JZVTkxVS4u

Use this TI Lookup query to find samples employing this technique:
https://intelligence.any.run/analysis/lookup

https://preview.redd.it/kb9712q6se6e1.png?width=1200&format=png&auto=webp&s=f1ef3084ba86429418646809e7058aaf5ca2c57a

Madison Howard

Share Your Mood

ANYRUN-team

Cybercriminals abuse Microsoft Dynamics 365 in phishing attacks