
Security Firm Warns of Current Microsoft Forms Phishing Attacks

Israel-based security firm Perception Point has uncovered an increase in phishing activity using Microsoft Office Forms to execute a two-step phishing attack.

The company said that Forms, which is Microsoft's free marketing tool for creating quizzes, online surveys and questionnaires, is being used in malicious campaigns that begin with targeted victims receiving a malicious email that directs them to what looks like a legitimate Microsoft Form.
These forms, which appear legitimate, contain links that lead to a fake login page mimicking a Microsoft 365 or Adobe account page. Once sent, the attackers then engage in an "external account takeover" to launch the two-step phishing attack.

"In a two-step phishing attack, the attacker first gains access to a legitimate email account and sends targeted emails from this compromised account," wrote Perception Point. "These messages appear trustworthy, prompting recipients to click on a link that leads to a legitimate website. This is the first step, where the attacker uses the high reputation of legitimate sites like Office Forms, Canva, and many others to evade detection."
The second phase is then activated once the user clicks on the link, redirecting them to a malicious page with the goal of getting targeted victims to share their Microsoft 365 credentials. What makes this attack so devious is that the redirect URL uses the front-facing legitimate URL https://forms.office.com to trick users into clicking.

According to Perception Point, it has seen a dramatic increase in these attacks in the month of July:

Figure 1. The spike in phishing incidents in Microsoft's Forms. Courtesy of Perception Point.

While Perception Point offers solutions to mitigate the risk of phishing attacks through Forms and other Microsoft 365 services, Microsoft has what it calls "proactive phishing prevention" built into Forms. The company has an automated machine reviews feature in Forms that detects and flags password collection through surveys and forms. It also has a built-in feature that lets users manually flag suspected phishing attempts inside Forms.

About the Author

Chris Paoli (@ChrisPaoli5) is the associate editor for Converge360.
