1. Home
  2. /
  3. IT Security
  4. /
  5. SurveyMonkey Phishers Go Hunting...

SurveyMonkey Phishers Go Hunting for Office 365 Credentials

Security researchers are warning of a new phishing campaign that uses malicious emails from legitimate SurveyMonkey domains in a bid to bypass security filters.

The phishing emails in question are sent from a real SurveyMonkey domain but crucially have a different reply-to domain, according to Abnormal Security.

“Within the body of the email is a hidden redirect link appearing as the text ‘Navigate to access statement’ with a brief message ‘Please do not forward this email as its survey link is unique to you’” it explained.

“Clicking on the link redirects to a site hosted on a Microsoft form submission page. This form asks the user to enter their Office 365 email and password. If the user is not vigilant and provides their credentials, the user account would be compromised.”

The attack is effective for several reasons: its use of a legitimate SurveyMonkey email sender, the concealing of the phishing site URL and the description of the email as unique to every user.

“Users may be primed to think that the login page is there to validate that their responses are from the legitimate recipient of the email. Thus, the behavior isn’t unexpected,” argued Abnormal Security.

David Pickett, senior cybersecurity analyst at ZIX, explained that attacks like these are increasingly common: he claimed that the vendor blocked around 590,000 phishing emails abusing legitimate services like SurveyMonkey in the past week alone.

“Credential phishing using legitimate survey forms is a favourite attack vector by quite a few different groups over the past two years,” he added.

“We track these ‘living off the land’ attacks and have found that the most often abused legitimate forms/survey providers in order from greatest to least volume are Google, Microsoft, SurveyGizmo and HubSpot.”

 

Want to get the best solution for your business?

At Tristar Tech Solutions, we take a realistic approach to technology – ensuring our client’s systems are best protected.

If you have any concerns, questions or simply want to explore how to better secure your business, please do get in touch with the team for a FREE demonstration, consultation to explore how exposed your business might be and identify actions to take.

To book a consultation or to arrange a further discussion, please get in touch.

If you’re looking for IT support in Hertfordshire or IT support in North London, contact us today, and a member of our team would be more than happy to advise you.

News Source: https://www.infosecurity-magazine.com/

Menu