Analysts at the Cofense Phishing Defense Center (PDC) see all sorts of tactics being used by threat actors to make their phishing campaigns more effective. Recently the PDC has observed phishing campaigns abusing Microsoft Customer Voice URLs, similar to the campaign reported in August. While Microsoft Customer Voice is a customer engagement/survey service that is used for plenty benign and useful reasons, threat actors are always trying to abuse such avenues.
As seen in Figure 1, the body of this email attempts to appear legitimate due to the use of the Microsoft SharePoint logo, as well as the simple formatting of the body which convinces the user receiving the email that this is an authentic document being delivered through SharePoint. In the message itself, the threat actor is trying to persuade the recipient to click “Go To Document >>,” leading to the first page of the phishing attack at a Microsoft Customer Voice URL. By using such a Microsoft URL, the user can be tricked into believing this is a legitimate email. ...read more!
