Security Awareness – Microsoft Forms Abused in Phishing Campaign

In addition to other widespread phishing campaigns, there have been notable phishing attacks exploiting Microsoft tools over the last month. A recent campaign is leveraging Microsoft Forms, a tool within the Microsoft 365 product suite designed for collecting feedback and information through surveys, quizzes, and polls. WaterISAC is sharing this for member awareness of current threats in Microsoft tools. Due to its accessibility and widespread use, Microsoft Forms has become a target for malicious actors aiming to extract Microsoft 365 login credentials.

These phishing campaigns typically involve attackers leveraging compromised email accounts from legitimate business partners, to then send phishing emails often posing as fake mail error notifications. Upon clicking the links provided, users are directed to a Microsoft Form that lures them into clicking an additional link, leading to fraudulent pages that impersonate Microsoft 365 or Adobe.

This comes as we continue to see threat actors confounding users with fake Word and OneDrive errors, which trick users into literally copying and pasting malicious PowerShell scripts into their Windows terminals. See WaterISAC previous reporting for more details on this threat.

Despite Microsoft’s efforts to implement protective measures against such phishing attempts, threat actors continue to find success, underscoring the importance of user vigilance in spotting potential threats that are able to bypass technical controls. Users are advised to exercise caution with unsolicited emails, be skeptical about emails purporting to come from trusted sources, and always verify the URLs of unexpected login pages before entering any credentials. For more information, visit Help Net Security.