Microsoft Office 365 users targeted with SurveyMonkey phishing email campaign
Security researchers warn these phishing emails look like legitimate SurveyMonkey online surveys. Here is everything you need to know about the new cyberattack.
Security researchers have discovered a new phishing attack on Microsoft's Office 365 users. The attackers used a lure themed on the popular SurveyMonkey online polling service to target these users.
According to researchers at Abnormal Security, Microsoft Office 365 users received an email from a seemingly legitimate SurveyMonkey domain (surveymonkeyuser.com). The catch is that the reply-to domain is entirely different and had been registered only a month earlier. The email then directs recipients to a SurveyMonkey-like interface to complete the survey. As expected, the website is a phishing page designed to steal their credentials.
Security researchers warn that if users are not vigilant, they may end up giving away private details such as passwords, which can in turn lead to the compromise of their linked and other accounts.
Researchers further explain why this phishing campaign has been so successful. One reason is that the URL does not appear in the body text, which makes the phishing email difficult to spot at first glance. The flow that takes users to the page is also quite similar to SurveyMonkey's own, so users who regularly take part in such surveys may not be able to tell the difference.
Another big factor is that the sender address appears legitimate. The email contents also include a real postal address and a link back to the official website. Having made the phishing email look almost like an official one, the campaign then exploits what researchers describe as "predictable behaviour."
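The two header-level indicators the researchers describe, a brand-lookalike sender domain and a Reply-To that points somewhere else entirely, can be checked mechanically before a user ever sees the message. The following is an added example, not code from the article or from Abnormal Security; the sample message and the reply-to domain in it are constructed, and the domain-age figures are assumed to come from an out-of-band WHOIS lookup.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample modelled on the campaign described above: the From domain
# contains the brand name but is not the real brand domain, and the Reply-To
# points at an unrelated, recently registered domain (invented here).
SAMPLE_EMAIL = """From: SurveyMonkey <noreply@surveymonkeyuser.com>
Reply-To: survey-team@example-recent-domain.test
To: employee@example.com
Subject: A colleague invited you to complete a survey

Your unique survey link is waiting for you.
"""

# Brand keyword -> the domains that brand legitimately sends from.
LEGIT_BRAND_DOMAINS = {"surveymonkey": {"surveymonkey.com"}}

# Domains registered within this many days are treated as suspicious.
RECENT_DAYS = 30


def domain_of(header_value):
    """Return the lower-cased domain of an address header, or '' if none."""
    _, addr = parseaddr(header_value or "")
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def assess(raw_message, domain_age_days=None):
    """Return the reasons a message looks like a brand-impersonating phish.

    domain_age_days maps a domain to its registration age in days (assumed to
    be obtained from WHOIS separately); an empty list means nothing was flagged.
    """
    msg = message_from_string(raw_message)
    sender = domain_of(msg.get("From"))
    reply_to = domain_of(msg.get("Reply-To"))
    ages = domain_age_days or {}
    reasons = []
    # 1. Replies are steered to a domain other than the apparent sender's.
    if reply_to and reply_to != sender:
        reasons.append(f"reply-to domain {reply_to} differs from sender {sender}")
    # 2. The sender domain borrows a brand name without being the brand's domain.
    for brand, real_domains in LEGIT_BRAND_DOMAINS.items():
        if brand in sender and sender not in real_domains:
            reasons.append(f"sender domain {sender} imitates {brand}")
    # 3. Either domain was registered very recently.
    for dom in {sender, reply_to} - {""}:
        if dom in ages and ages[dom] <= RECENT_DAYS:
            reasons.append(f"domain {dom} registered {ages[dom]} days ago")
    return reasons
```

A mail gateway would run `assess` on each inbound message and quarantine or tag anything that returns reasons; the WHOIS-derived ages are supplied by the caller so the check itself stays offline.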
“Because the email mentions that each survey link is unique to each recipient of the email, users may be primed to think that the login page is there to validate that their responses are from the legitimate recipient of the email. Thus, the behaviour isn’t unexpected (even if it’s atypical – recipients should never enter their email credentials into a survey, regardless of which service is providing it),” say researchers in a post.
The new report comes after Microsoft acknowledged that attackers had targeted its Office 365 users around the world. Microsoft, however, was able to thwart the attacks through a recent court ruling, which allowed the company to take control of domains used by the cybercriminals and prevent them from being used for further cyberattacks.