MS Forms used by phishers to target Microsoft 365 users

August 9, 2024

Phishers have stepped up campaigns that use Microsoft Forms to lure MS 365 users into disclosing their account credentials. Reports show that these malicious MS Forms redirect targeted users to phishing pages that impersonate Microsoft 365 and Adobe.

MS Forms, part of the Microsoft 365 product suite, collects feedback and information through polls, quizzes, and surveys.

Recent investigations revealed that these campaigns frequently target the email accounts of business partners and vendors. In addition, the latest campaign of these attackers uses fake Microsoft mail error notices and bid invites.

Once users click on the offered links, they are taken to a Microsoft Form containing another link they are urged to follow, either to verify their accounts or to view a purportedly secured document. That second link leads to a fake Microsoft 365 or Adobe page that Microsoft does not host.


Microsoft still has problems with phishers despite developing security measures for counteracting such attacks.


Microsoft responded to the threat by adding automatic phishing protection that detects forms and surveys designed to collect passwords. Still, this protection is insufficient because it does not always recognise malicious URLs embedded in a form.

In addition, these phishing emails are difficult to detect because they are sent from genuine email addresses and point to Microsoft Forms hosted on ‘forms[.]office[.]com’, a reputable domain. Because the tactic bypasses almost all existing defences, users have a crucial role in spotting it.

Furthermore, threat actors make their forms more credible by using fraudulent page titles and well-known favicons. Favicons are the small icons that appear in the browser tab, and by reusing Microsoft-related icons, attackers make their fake pages look more legitimate.

Researchers also explained that these visual cues might deceive viewers into believing they are on a legitimate Microsoft website.

The usual advice to avoid clicking on links in unsolicited emails is unlikely to be effective in these campaigns, since the first link points to a legitimate Microsoft domain. However, users should still make it a habit to review the URL of any login page before disclosing their credentials.
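The redirection chain described above (a legitimate form on forms[.]office[.]com leading to a branded sign-in page on an unrelated host) can also be checked on the defender's side. The following is an added example, not code from the article or from Microsoft: it runs over constructed proxy-style records of referer, destination URL and page title, and flags Microsoft- or Adobe-branded pages reached from a Microsoft Form whose host is not in an assumed allowlist of genuine sign-in domains (the allowlist, brand keywords and log format are assumptions to tune for your environment).

```python
from urllib.parse import urlparse

FORMS_HOST = "forms.office.com"  # legitimate Microsoft Forms host named in the article
# Assumed allowlist of hosts that may legitimately show a Microsoft/Adobe sign-in page; tune per tenant.
TRUSTED_LOGIN_DOMAINS = {
    "microsoft": ("login.microsoftonline.com", "login.live.com", "login.microsoft.com"),
    "adobe": ("adobe.com", "adobelogin.com"),
}
# Title or URL fragments that suggest a page is presenting itself as a brand's login.
BRAND_WORDS = {
    "microsoft": ("microsoft", "office 365", "m365", "onedrive", "sharepoint"),
    "adobe": ("adobe", "acrobat"),
}

def host_matches(host, domain):
    """True if host is domain itself or a real subdomain; lookalikes such as
    login.microsoftonline.com.evil.example do not match."""
    return host == domain or host.endswith("." + domain)

def brand_in(text):
    """Return the brand a title or URL appears to reference, else None."""
    text = text.lower()
    for brand, words in BRAND_WORDS.items():
        if any(w in text for w in words):
            return brand
    return None

def classify(referer, url, title):
    """Flag a navigation that left a Microsoft Form for a branded page on an untrusted host."""
    ref_host = urlparse(referer).hostname or ""
    dst_host = urlparse(url).hostname or ""
    if not host_matches(ref_host, FORMS_HOST):
        return None  # only navigations that started on a Microsoft Form matter here
    brand = brand_in(title) or brand_in(url)
    if brand is None or any(host_matches(dst_host, d) for d in TRUSTED_LOGIN_DOMAINS[brand]):
        return None
    return f"{brand}-branded page on untrusted host {dst_host}, reached from a Microsoft Form"

def scan(log_lines):
    """Return (url, finding) pairs for tab-separated 'referer<TAB>url<TAB>title' records."""
    rows = [line.rstrip("\n").split("\t") for line in log_lines]
    findings = [(url, classify(ref, url, title)) for ref, url, title in rows]
    return [(url, finding) for url, finding in findings if finding]

# Constructed proxy records (referer, destination URL, page title); not real traffic.
SAMPLE_LOG = [
    "https://mail.example.com/inbox\thttps://forms.office.com/r/EXAMPLE1\tMicrosoft Forms",
    "https://forms.office.com/r/EXAMPLE1\thttps://login.microsoftonline.com/common/oauth2/authorize\tSign in to your account",
    "https://forms.office.com/r/EXAMPLE1\thttps://secure-docs.example.net/m365/login\tMicrosoft 365 - Verify your account",
    "https://forms.office.com/r/EXAMPLE2\thttps://cdn.example.org/docs/report.pdf\tQuarterly report",
    "https://forms.office.com/r/EXAMPLE2\thttps://adobe-share.example.org/viewer\tAdobe Acrobat - Secured document",
]
```

Running `scan(SAMPLE_LOG)` flags only the two branded pages on non-allowlisted hosts; the genuine Microsoft login, the plain document download and the initial hop from the mailbox to the form are left alone.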
