Microsoft Office 365 users targeted in SurveyMonkey phishing

(Image credit: wk1003mike / Shutterstock)

Online polling service SurveyMonkey was used as a disguise for a potentially damaging phishing attack that targeted Microsoft Office 365 users.

Researchers at Abnormal Security recently uncovered attempts to steal Office 365 user credentials using SurveyMonkey as cover. 

In the campaign, the victim receives an email from a genuine SurveyMonkey site, stating it is conducting a survey among company employees. However the message contains a hidden redirect link, appearing as the text “Navigate to access statement” with the brief message “Please do not forward this email as its survey link is unique to you”.

SurveyMonkey phishing

However when clicked on, this link instead redirects the victim away from SurveyMonkey to a Microsoft form submission page, which tells the user to submit their Office 365 email and password to proceed. However doing so allows the criminals to steal the unsuspecting user’s Microsoft account security credentials.

Abnormal Security notes that this attack may be particularly effective due to its use of a real SurveyMonkey link to hide the nefarious goals within. The email messages carrying the phishing link also use official SurveyMonkey phrases and content, tricking users into believing the message is genuine.

Since the phishing URL isn’t visible within the body text, it's also easy for victims to be tricked and miss this at first glance. 

"Phishing is one of the most successful and long-standing cybercriminal tactics, and the constant evolution in the methodology as seen in these attacks goes some of the way to understanding why," noted Niamh Muldoon, senior director of trust and security at OneLogin.

"As phishing attacks become increasingly common, and increasingly sophisticated — often tailored to a targeted team with an organisation — companies and consumers cannot rely on defending against 100% of attacks. Applying Multi-Factor Authentication (MFA) supports user awareness and conscious behaviour when it comes to phishing threats and associated risk of clicking on suspicious links."

Mike Moore
Deputy Editor, TechRadar Pro

Mike Moore is Deputy Editor at TechRadar Pro. He has worked as a B2B and B2C tech journalist for nearly a decade, including at one of the UK's leading national newspapers and fellow Future title ITProPortal, and when he's not keeping track of all the latest enterprise and workplace trends, can most likely be found watching, following or taking part in some kind of sport.