🚨 There’s a new phishing scam doing the rounds, and this one’s smart.
Very smart.
Researchers recently discovered cybercriminals using real Microsoft tools (like Dynamics 365 Customer Voice) to launch fake email campaigns designed to steal your login details.
At first glance, the emails look legit 🧐
They come from real (but compromised) email accounts and talk about things like settlement statements or EFT payment info. Perfect bait for business owners.
Click the link, and you’re taken to a CAPTCHA page that seems normal.
BUT… what comes next is a fake Microsoft 365 login page… designed to steal your username, password, and even your multi-factor authentication (MFA) code.
😬 Wait… MFA can be bypassed?
Sadly, yes.
While MFA is still an essential layer of protection, it’s not bulletproof. In this case, attackers trick people into entering their MFA codes on the fake login page, then use those codes themselves in real time, before they expire.
What makes this scam worse is that it uses Microsoft’s own platforms to add credibility. Dynamics 365 Customer Voice is a legit tool used by half a million businesses, including most of the Fortune 500. So it’s no wonder people fall for it.
💡 What can you do?
This is a good moment to remind your team:
👉 Don’t trust links in emails, even if they look professional
👉 Check the sender’s email address carefully
👉 Always double-check with a colleague or provider before logging in to anything sensitive
And if you’re not sure your business is properly protected from scams like this, it might be time for a quick security review.
🔐 I help businesses like yours put the right safeguards in place. And you don’t need a degree in cybersecurity to understand them.
🤔 Have you ever had a suspicious email land in your inbox and almost clicked it? What stopped you?
#Phishing #CyberSecurity #Microsoft365