Share news article

Share on facebook
Share on twitter
Share on linkedin
Share on email

Hackers Abusing Microsoft Dynamics 365 Customer Voice to Steal Credentials

Check Point Software company Avanan has shared details of how hackers are trying to abuse Dynamics 365 Customer Voice in their recent findings.

According to Avanan’s research, threat actors abuse authentic-looking links from Microsoft notifications to deliver credential-stealing pages. The attackers send malicious emails disguised as survey feature from Dynamic 365, notifying the victim about a new voicemail message. There’s another email that contains a legit customer voice link from Microsoft. 

However, when an unsuspected victim clicks on Play Voicemail, they are redirected to a phishing link of a page that looks exactly like a Microsoft login page. Since the Customer Voice Link is legit, scanners pass the email as legit. It all begins with the Play Voicemail button, as this button redirects to a phishing link.

What is Dynamics 365 Customer Voice, and how is it Abused?

For your information, Dynamics 365 Customer Voice is a product of Microsoft designed to get customers’ feedback. It is used for customer satisfaction surveys, tracking their feedback, and aggregating data to devise workable solutions. Furthermore, it is used to interact with customers by phone, and the data is mainly collected to get customer input.

In this attack, threat actors try to steal customer data instead of using this feature for customer feedback. Avanan researchers revealed that hackers use the Static Expressway to reach end-users. This technique leverages legitimate sites to bypass security scanners because the links are from trusted sources, so scanners cannot detect their maliciousness.

In their blog post, Avanan researchers suggest employing necessary best practices when clicking on any link. Be very suspicious of any incoming email asking you to click on a link to check voicemails.

This is a particularly tricky attack because the phishing link doesn’t appear until the final step. Users are first directed to a legitimate page–so hovering over the URL in the email body won’t provide protection. In this case, it would be important to remind users to look at all URLs, even when they are not in an email body.

Jeremy Fuchs – Avanan

  1. Zoom Phishing Scam Steals Microsoft Exchange Credentials
  2. Microsoft warns of phishing attack abusing open redirect links
  3. Scammers Leveraging Microsoft Team GIFs in Phishing Attacks
  4. Microsoft MSHTML flaw used in Gmail and Instagram phishing scam
  5. Microsoft, PayPal & Facebook most targeted brands in phishing scams


I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

Related News

Hackers using USB drives to spread malware in ongoing attack

Hackers using USB drives to spread malware in ongoing attack

According to a recent post by the cybersecurity firm Mandiant, USB drives are being used to hack targets in Southeast…
AI-Powered Smart Glasses Give Deaf People the Power of Speech

AI-Powered Smart Glasses Give Deaf People the Power of Speech

In a recent example of innovative technology making a positive difference, there is now new artificial intelligence (AI) powered smart…
16,000+ Scam Domains Aimed at FIFA World Cup Fans in Qatar

16,000+ Scam Domains Aimed at FIFA World Cup Fans in Qatar

Seeing as scammers readily jump to capitalize on events with huge global interest, it comes as no surprise that Group-IB…