Microsoft Office 365 users targeted with SurveyMonkey phishing email campaign

Security researchers have discovered a new phishing attack on Microsoft's Office 365 users. Cyberattackers used a theme of the common SurveyMonkey online polling service to target these users.

According to researchers at Abnormal Security, Microsoft Office 365 users received a seemingly real SurveyMonkey domain (surveymonkeyuser.com). The catch here is that the reply-to domain is very different and was registered just a month ago. The email then directs to a SurveyMonkey-like interface to submit the survey. As expected, the website is a phishing page that aims to steal your credentials.

You may be interested in

MobilesTablets Laptops

7% OFF

Apple iPhone 15 Pro Max

• Black Titanium
• 8 GB RAM
• 256 GB Storage

₹148,900₹159,900

Buy now

23% OFF

Samsung Galaxy S23 Ultra 5G

• Green
• 12 GB RAM
• 256 GB Storage

₹115,999₹149,999

Buy now

Google Pixel 8 Pro

• Obsidian
• 12 GB RAM
• 128 GB Storage

₹106,998

Check details

Apple iPhone 15 Plus

• Black
• 6 GB RAM
• 128 GB Storage

₹87,900

Check details

34% OFF

Xiaomi Pad 6

• Mist Blue
• 6 GB RAM
• 128 GB Storage

₹26,299₹39,999

Buy now

55% OFF

Lenovo Tab M10 5G

• Abyss Blue
• 6 GB RAM
• 128 GB Storage

₹20,999₹47,000

Buy now

32% OFF

Realme Pad 2

• Imagination Grey
• 6 GB RAM
• 128 GB Storage

₹19,790₹28,999

Buy now

Honor Pad X9

• Gray
• 4 GB RAM
• 128 GB Storage

₹14,999

Check details

27% OFF

Microsoft Surface Studio A1Y 00022

• Platinum Silver
• 16 GB LPDDR4X RAM
• 512 GB SSD

₹179,990₹245,900

Buy now

7% OFF

Microsoft Surface Pro 8 8PV 00029

• Graphite Black
• 16 GB DDR4 RAM
• 256 GB SSD

₹139,999₹149,999

Buy now

47% OFF

Microsoft Surface 4 5UI 00049

• Platinum Silver
• 8 GB DDR4 RAM
• 256 GB SSD

₹98,000₹186,500

Buy now

28% OFF

Microsoft Surface Pro 7 M1866 VDH 00013

• Platinum
• 4 GB LPDDR4X RAM
• 128 GB SSD

₹74,000₹102,990

Buy now

Security researchers warn that if the user isn't vigilant, they may end giving up their private details such as passwords. This will further lead to their linked and other accounts compromised.

Researchers further explain why this phishing campaign has become more successful. One of the reasons is that the URL doesn't show up in the body text which makes it difficult to spot the phishing email at first glance. The process of taking to the page is also quite similar to SurveyMonkey's. Users who participate in such surveys may not be able to tell the difference.

Another big factor is that the sender email seems legitimate. The email contents also have a real address and link back to the official website. After making the phishing email look almost like an official one, it leverages upon what researchers describe as “predictable behaviour.”

“Because the email mentions that each survey link is unique to each recipient of the email, users may be primed to think that the login page is there to validate that their responses are from the legitimate recipient of the email. Thus, the behaviour isn't unexpected (even if it's aytpical – recipients should never enter their email credentials into a survey, regardless of which service is providing it),” say researchers in a post.

The new report comes after Microsoft acknowledged that attackers targeted its Office 365 users across the world. Microsoft, however, was able to thwart the attacks through a recent court ruling, which allowed the company to acquire domains used by the cybercriminals and prevent them from being used for cyber-attacks.