1. Forum
  2. tqwNet
  3. TQW GENTECH

  • This Microsoft 365 phishing campaign can bypass MFA - here's what

    From TechnologyDaily@1337:1/100 to All on Monday, May 12, 2025 13:15:08
    This Microsoft 365 phishing campaign can bypass MFA - here's what we know

    Date:
    Mon, 12 May 2025 12:00:00 +0000

    Description:
    Crooks are abusing Dynamics 365 Customer Voice to redirect victims to convincing credential harvesting pages.

    FULL STORY ======================================================================Research ers spotted a new phishing campaign, abusing Dynamics 365 Customer Voice Microsoft's tool has more than 500,000 users Many of the users are Fortune
    500 companies

    Researchers from Check Point have discovered a new phishing campaign, abusing a legitimate Microsoft product in an attempt to steal peoples login credentials .

    In a new blog post , published earlier this May, the researchers said that
    the unnamed attackers would send phishing emails from previously compromised accounts, and would include fake Dynamics 365 Customer Voice links.

    Dynamics 365 Customer Voice is a tool designed to help businesses collect, analyze, and act on customer feedback in real time. It includes things like voice recordings, customer reviews monitoring, surveys, and similar.
    According to Check Point, the threat landscape is vast and quite potent,
    since it is used by at least 500,000 Organizations, including 97% of Fortune 500 companies.

    60% off Premium Plans

    New users can take advantage of RoboForms exclusive deal and get 60% off the Premium Plan. With this deal, you can get unlimited password storage, one-click login & autofill, password sharing, two-factor authentication for added protection, cloud backup, and emergency access for trusted contacts. To claim this deal, visit this link and sign up for the Premium Plan to lock in this huge discount.

    Preferred partner ( What does this mean? ) View Deal Thousands of targets

    The topics of the emails are financially focused, the researchers added. Subject lines usually revolve around settlement statements, ALTA, EFT payment info, or closing disclosures. In one example, the researchers would add a
    link leading to the malicious landing page, right next to a legitimate link. The malicious link first takes the victims to a CAPTCHA page, after which
    they are redirected to a credential harvesting page.

    Check Point also said that the attackers are able to capture MFA codes as well, although they didnt explain exactly how it is being done.

    So far, the attackers managed to send more than 3,000 emails, targeting at least a million different inboxes. These belong to more than 350 organizations, the researcher said, hinting that this has already turned into a large, dangerous campaign.

    Victims are mostly well-established community betterment groups, colleges and universities, news outlets, a prominent health information group, and organizations that promote arts and culture.

    Unfortunately, it is impossible to tell how many login credentials the miscreants managed to obtain so far. Apparently, Microsoft blocked some of
    the phishing pages already. You might also like Millions of online shoppers could be at risk from hardcoded Shopify tokens Take a look at our guide to
    the best authenticator app We've rounded up the best password managers



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/this-microsoft-365-phishing-campaign-ca n-bypass-mfa-heres-what-we-know


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)