Tether Tip – Protect Yourself from Survey Phishing

Good Afternoon all,

Here is an impromptu Tether tip from our MD, John Hennessy.

Although this is more of a reminder of security than a Salesforce tip, today I was made aware of a new “scam” that has been uncovered. Here are the details:

Microsoft Office 365 users targeted in SurveyMonkey phishing

SurveyMonkey is being used to hide phishing attacks against Microsoft Office 365 users.

SurveyMonkey was used as a disguise for a potentially damaging phishing attack that targeted Microsoft Office 365 users. Researchers at Abnormal Security recently uncovered attempts to steal Office 365 user credentials using SurveyMonkey as cover.

In the campaign, the victim receives an email from a genuine SurveyMonkey site, stating it is conducting a survey among company employees. However, the message contains a hidden redirect link, appearing as the text “Navigate to access statement” with the brief message “Please do not forward this email as its survey link is unique to you”.

SurveyMonkey phishing

When clicked, this link redirects the victim away from SurveyMonkey to a Microsoft form submission page that tells the user to submit their Office 365 email and password, allowing the criminals to steal the unsuspecting user’s Microsoft account credentials.

Abnormal Security notes that this attack may be particularly effective due to its use of a real SurveyMonkey link to hide the nefarious goals within. The email messages carrying the phishing link also use official SurveyMonkey phrases and content, tricking users into believing the message is genuine.

Since the phishing URL is not visible within the body text, it is also easy for victims to be tricked and miss this at first glance. “Phishing is one of the most successful and long-standing cybercriminal tactics, and the constant evolution in the methodology as seen in these attacks goes some of the way to understanding why,” noted Niamh Muldoon, senior director of trust and security at OneLogin.

Always be careful when opening unsolicited emails that ask you to open an attachment or click a link – even if the sender is someone you know. Always check that a link is going where it is supposed to.
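The campaign above is hard to catch by looking at the email alone, because the visible link really does point at SurveyMonkey and only the landing page is foreign. The following added example (not part of the original post, and not Abnormal Security's or SurveyMonkey's code) shows both checks a mail or security team would run: auditing the links in a message body against the sender's domain, and auditing the hop list a URL sandbox records when the link is followed. The email body, the redirect hops and the `example-phish.invalid` host are all constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample body modelled on the campaign above; the survey id is a placeholder.
SAMPLE_EMAIL_HTML = """
<p>We are conducting a survey among company employees.</p>
<p><a href="https://www.surveymonkey.com/r/CONSTRUCTED1">Navigate to access statement</a></p>
<p>Please do not forward this email as its survey link is unique to you.</p>
"""
# Constructed hop list, as a URL sandbox would record it when the link is followed.
SAMPLE_REDIRECT_CHAIN = [
    "https://www.surveymonkey.com/r/CONSTRUCTED1",
    "https://forms.example-phish.invalid/office365/sign-in",
]

class LinkCollector(HTMLParser):
    """Collect (visible text, href) for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def host_of(url):
    return (urlparse(url).hostname or "").lower()

def same_org(host, domain):
    return host == domain or host.endswith("." + domain)

def audit_links(html, sender_domain):
    """One finding per link; 'flag' is True when the href already leaves the sender's domain."""
    parser = LinkCollector()
    parser.feed(html)
    return [{"text": text, "host": host_of(href), "flag": not same_org(host_of(href), sender_domain)}
            for text, href in parser.links]

def audit_redirect_chain(hops, sender_domain):
    """Report the first hop that leaves the sender's domain; flag is False if none does."""
    for index, url in enumerate(hops):
        if not same_org(host_of(url), sender_domain):
            return {"flag": True, "hop": index, "host": host_of(url)}
    return {"flag": False, "hop": None, "host": None}

if __name__ == "__main__":
    print(audit_links(SAMPLE_EMAIL_HTML, "surveymonkey.com"))            # link itself looks genuine
    print(audit_redirect_chain(SAMPLE_REDIRECT_CHAIN, "surveymonkey.com"))  # landing page does not
```

The static link audit passes the message, which is exactly why this campaign works; only following the link shows the hop onto a credential-collecting page on another domain.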

Why is it important to be aware of such scams? Simply put, your security, both personal and business-wise. Many companies (ours included) use Active Directory and Single Sign-On tools to manage logins and passwords. It is seen as a safe way to manage team access to company tools; in our case, SharePoint, Teams and our own Salesforce org.

Now I am not one to scaremonger or intentionally perpetuate the stigma that the internet is not safe. In reality it is very safe if people take the right precautions.

The above scam can be avoided. If you get an email that looks suspicious, then it usually is. Look at the sender’s email address. Typically scam emails are sent from obscure addresses, but if the email looks like it is coming from a legitimate sender and you are still concerned, then simply hit the delete button.

If you do happen to click a link (we have all done it), then please remember to never give out any information on a form.

Things like:

  • Reconfirming your email address or asking for a username
  • Passwords
  • Date of birth

Be safe, be vigilant, and if you enjoy content like this please let us know and we would be more than happy to share future security tips and alerts on phishing and scams.

Keep safe and, as always, if you need anything, the team and I are here to help.

#tethertip #security