Avanan, a Check Point Software Company has shared the latest tactics being deployed by hackers to take advantage of vulnerable consumers.
Dynamics 365 Customer Voice, a Microsoft product primarily used to gain feedback from customers via satisfaction surveys, is being exploited by hackers using the program to send phishing links in an attempt to steal customer information.
Avanan has seen a dramatic increase in Dynamics 365 attacks in recent weeks, with hackers using spoofed scanner notifications to send malicious files. Hackers are continually using what Avanan calls ‘The Static Expressway’ to reach end-users – a technique that leverages legitimate sites to get past security scanners.
“This opportunity has been created for hackers due to a lack of items being blocked from what are perceived as trusted “Microsoft” sources.” says Avanan
This is a particularly difficult attack for consumers to detect with the phishing link – the tool being used to exploit customers – not appearing until the final step.
Users are first directed to a legitimate page – meaning hovering over the URL in the email body won’t trigger a protection response. These attacks are incredibly difficult to stop for scanners and even harder for users to identify.
Email Example 1
Email Example 2
Email Example 3
To help consumers best protect themselves from potential hacks, Avanan suggests the following:
- Always hover over all URLs, even those not featured in the body of the email
- When receiving an email with a voicemail, determine if this is a typical email you would usually receive before engaging with its contents
- If you’re ever unsure about an email, enquire with the original sender
Avanan has also recently seen an increase in similar attacks through other platforms, including Facebook, PayPal, QuickBooks, and more.
