Urgent Advisory: Phishing Campaign Exploiting Microsoft Customer Voice

At Network Integration Specialists, Inc., we prioritize your digital safety and keep you updated on emerging cybersecurity threats. We want to alert you to a sophisticated phishing campaign that exploits Microsoft’s Dynamics 365 Customer Voice feature.

What You Need to Know:

1. The Threat: Cybercriminals are sending emails that appear to be from Microsoft’s Customer Voice service. These emails falsely claim that you have received a voicemail and prompt you to click on a link.
2. The Deception: The emails use the old name 'Forms Pro' and contain links that initially lead to a legitimate Microsoft domain. This makes the emails seem safe and bypasses many email security filters.
3. The Trap: Clicking the embedded button in the email redirects you to a legitimate site. From there you are presented with another link, this time to the malicious site.  This site is designed to steal your credentials and/or personal information.
4. Why It’s Effective: The phishing link is hidden until the final step, making it challenging for both users and security scanners to detect the threat.

How to Protect Yourself:

1. Be Cautious with Email Links: Even if an email appears to be from a trusted source, be wary of clicking on links or buttons within the email. Remember, hovering over links may not be sufficient in this case, as the initial link appears legitimate and is hosted on a Microsoft domain.
2. Verify Unexpected Communications: If you receive an unexpected voicemail or file download notification via email, verify its authenticity through other means before clicking any links.
3. Educate Your Team: Inform your staff about this specific phishing technique, emphasizing that hovering over links is not always a reliable security measure. Remind them to be vigilant about all communications.
4. Implement Multi-Factor Authentication: This adds an additional layer of security, making it harder for attackers to gain access even if they obtain credentials.
5. Stay Updated: Ensure that all your systems are updated with the latest security patches.  For all of our Managed Services customers, Network Integration Specialists, Inc. handles this for all of your endpoints.  We will gladly send you an organizational patch report upon request.

Network Integration Specialists, Inc. is Here For You:

I am very pleased to inform you that our NIS DNSFilter product stopped this threat at one of our customer sites.  It is important to understand, however, that these threats have a variety of ways they can manifest.  NIS DNSFilter caught this particular attempt because the threat actor was using a Parked Domain to house the malicious payload.  If the threat actor had used slightly different techniques, it could very well be a different story.  This emphasizes several things about the threat landscape.  First, user education is still the most effective way to prevent cyber attacks on your organization.  The second point is that protecting against cyber threats is an ever evolving process.  Telling the users to hover over links in emails was very effective in the past.  With the type of threat seen here, verifying by hovering is not effective, since the first link goes to a legitimate service.  Third, maintaining layers of protection products is crucial in protecting your environment.  We rely on several layers to properly protect our customers when newer threats like this one emerge.

We are closely monitoring this situation and are here to assist with any security concerns you may have. Our team is ready to provide support and guidance to ensure your business remains protected.

For any questions or to report suspicious activity, please contact us immediately. Your security is our utmost priority.

Stay safe out there folks!

Doug