10 Jul SurveyMonkey Phishers Go Hunting for Office 365 Credentials
Security researchers are warning of a new phishing campaign that uses malicious emails from legitimate SurveyMonkey domains in a bid to bypass security filters.
The phishing emails in question are sent from a real SurveyMonkey domain but crucially have a different reply-to domain, according to Abnormal Security.
“Within the body of the email is a hidden redirect link appearing as the text ‘Navigate to access statement’ with a brief message ‘Please do not forward this email as its survey link is unique to you’” it explained.
“Clicking on the link redirects to a site hosted on a Microsoft form submission page. This form asks the user to enter their Office 365 email and password. If the user is not vigilant and provides their credentials, the user account would be compromised.”
The attack is effective for several reasons: its use of a legitimate SurveyMonkey email sender, the concealing of the phishing site URL and the description of the email as unique to every user.
“Users may be primed to think that the login page is there to validate that their responses are from the legitimate recipient of the email. Thus, the behavior isn’t unexpected,” argued Abnormal Security.
David Pickett, senior cybersecurity analyst at ZIX, explained that attacks like these are increasingly common: he claimed that the vendor blocked around 590,000 phishing emails abusing legitimate services like SurveyMonkey in the past week alone.
“Credential phishing using legitimate survey forms is a favorite attack vector by quite a few different groups over the past two years,” he added.
“We track these ‘living off the land’ attacks and have found that the most often abused legitimate forms/survey providers in order from greatest to least volume are Google, Microsoft, SurveyGizmo and HubSpot.”
We’re Urban Network, we can help save your Business.
We specialise in managed IT & technology services to help businesses across London & the wider-South East, from our base in Shoreditch.
Urban Network has a proven track record, with extensive experience and a full portfolio of industry accreditations & certifications.
Among our range of skills, we have a specialism in boosting Security. Ensuring we aid our clients with employing the best & most appropriate practices, procedures and tools to increase efficiency in the workplace.
If you have any concerns or challenges with your technology generally, we would like to hear from you. Please contact the team today.
News Source: https://www.infosecurity-magazine.com/