Phishing attacks are leveraging online surveys created with Microsoft Excel and Forms. As such, it’s best practice to be cautious when dealing with unsolicited links to forms.office.com or onedrive.live.com. Although these are official Microsoft websites, they are (of no fault of Microsoft’s) being utilized in these attacks.

How the Attack Works

Cybercriminals are using the survey creation tool in Microsoft Office Excel and Forms as a tool to deliver phishing attacks. Below are some examples.

The survey link in the HR email above leads to a phishing form hosted on Microsoft OneDrive.

Notice how the formatting of the word “Password” is unusual. It’s done this way to avoid automatic detection by web scanners.

In the example above, the email claims the receiver has a voicemail message. However, when the link to the message is clicked, it leads to a phishing survey.

Such emails will often say the receiver has mailbox sync issues, unread emails, new voicemails, or unpaid invoices. However, attackers are always coming up with new deception tactics.

Why It’s Successful

Scammers use Microsoft Excel and Forms for this scam for a variety of reasons.

1. Because the links will always start with either forms.office.com or onedrive.live.com (both legitimate Microsoft URLs) a lot of people won’t question the forms’ trustworthiness.
2. Due to the URLs being genuine, many potential victims may let their guard down.
3. Automatic security filters may not successfully detect such emails/links as malicious because the URLs lead to legitimate Microsoft websites.

How to Protect Yourself

Although Microsoft has practices and policies in place to detect and thwart such phishing scams, there are things you should do to protect yourself and others against these scams, too.

• Beware of suspicious email addresses — especially ones sent from email providers such as Gmail or Outlook.
• Never enter sensitive information, such as your password, into online forms or surveys.
• If you see a suspicious survey that you believe may be a phishing attack in disguise, click “Report abuse” at the bottom of the survey and follow the on-screen prompts to report it as malicious.

• Never click on links or attachments from unknown sources. Use Trend Micro Check to surf the web safely (it’s free!).
• Add an extra layer of protection to your devices with Trend Micro Maximum Security. Its Web Threat Protection, Ransomware Protection, Anti-phishing, and Anti-spam Protection can help you combat scams and cyberattacks. Click the button below to give it a try: