JAKARTA Phishing fraud mode continues to grow over time. This time, cybercriminals take advantage of Microsoft services such as Dynamics 365 Customer Voice to steal data.
Dynamics 365 Customer Voice is a management software that helps the company track customer metrics. Using this app, the company can record customer calls, track feedback, or share surveys.
Based on the results of Check Point's research, cybersecurity companies, criminals use customer accounts to include malicious data. They will infiltrate and send files, invoices, and fake Dynamics 365 Customer Voice links.
All of this data was sent via email using an address that looks valid so that the email recipient is provoked. So far, there are 3,370 emails that have been distributed and the false content in them has succeeded in reaching employees from hundreds of companies and organizations.
The Check Point report noted that these employees came from 350 organizations and most of the victims came from the US. Although it was not explained what the organization was, the sector was successfully revealed.
The average phishing organization targeted is established community groups, universities, news media, leading health organizations, to organizations promoting arts and culture.
Many employees are deceived because the customer mentions finance. For example, the fake account discusses the settlement statement, EFT payment information, and much more.
SEE ALSO:
"The email itself includes a fake link. The link claims that the recipient has received a new voicemail or PDF document. All messages are intended to make them appear valid," said Check Point in a statement received by VOI on Wednesday, May 7.
In an email, criminals will include valid links and additional links that are actually fake. If this fake link is opened, employees will be directed to the Captcha test to ensure that this email interaction is genuine.
"After that, the receiver is directed to the phishing site, which imitates Microsoft's login page. This is where the attacker tries to steal user information. The main purpose of this phishing campaign is to steal user credentials," said Check Point.
If the data is stolen, the attacker will get information such as the company's internal accounts, financial data to steal the funds, to provide operational disruptions. Although Microsoft has tried to block this phishing mode, the number of victims is still increasing.
The English, Chinese, Japanese, Arabic, and French versions are automatically generated by the AI. So there may still be inaccuracies in translating, please always see Indonesian as our main language. (system supported by DigitalSiber.id)
