web
You’re offline. This is a read only version of the page.
close
Skip to main content

Notifications

Announcements

No record found.

News and Announcements icon
Community site session details

Community site session details

Session Id :
Dynamics 365 Community / Forums / Microsoft Dynamics 365 | Integration, Dataverse... / Can a "Svc.Dynami...
Microsoft Dynamics 365 | Integration, Dataverse...
Suggested Answer

Can a "Svc.Dynamics.com" link be used as a redirection link? (Such as in a phishing e-mail?)

(3) ShareShare
ReportReport
Posted on by RSteer 16

I originally asked the following in the "Fraud Protection" forum, but silly me, they have nothing to do with whether Dynamics could be used to disguise fraudulent activity. 
So maybe someone can tell me which forum I should be using, although I really think my question should be simple enough for almost any Dynamics user to be able to answer.  (I don't use Dynamics; I just provide cybersecurity advice (among other things) to my organization.)
Stripped-down version of question:  Can a "Svc.Dynamics.com" link be used as a redirection or forwarding link to another (non-Dynamics) site?  For instance, in the general form "xxxx.Svc.Dynamics.com/t/r/..."?

A colleague in my Federal agency received what LOOKS like a fairly primitive phishing e-mail (bad grammar, typical "your account is locked" scenario, etc.) where the phishing link was in that form.  Neither of us had heard of "Dynamics.com", so she wondered if it was a malicious domain.

Evidently it's not, but I'm wondering if Dynamics has the functionality to redirect a user who clicks on such a link?

(If it can, then a malicious actor could use a legitimate Dynamics account to disguise a phishing link in the same way phishers often use "URL-shortening" services like Bit.Ly.)

Thanks.

I have the same question (0)
  • RSteer Profile Picture
    RSteer 16 on at

    Apologies about the weird formatting and missing line-breaks -- they were there when I wrote the message, and it was all the same size font.  The in-line editor seems very funky.

  • Tin_Man Profile Picture
    Tin_Man 10 on at

    Ok, now I have the same question!  I have an email now that went to my client, apparently from someone they know and talk to frequently. This email seems simple enough in that it requests to review a document. The link in the email sent me to a box.com site with a pdf file and in that pdf file there is another link to click on. Annoyingly enough I can't even right click on that link to get a copy of of the URL. And as complicated as this all sounds it was only 2 clicks to a svc.dynamics.com url.  So is Microsoft Dynamics sending out phishing emails? or maybe someone found a way to exploidt a feature? Because this is awfully suspicious and i would prefer a solution though Microsoft's awareness rather than Microsoft showing up in the news again about some new vulnerability again.

  • Suggested answer
    Tin_Man Profile Picture
    Tin_Man 10 on at

    Ok, so to answer your question, YES the svc.dynamics.com links can be used to redirect to Microsoft Sharepoint servers, apperantly even hosted by 3rd party or even self hosted Sharepoint servers and from there well the sky's the limit. Sharepoint servers can serv up any number of files as well as redirects and the worst part is that it could very well have an ssl certficiate.

  • Suggested answer
    DAnny3211 Profile Picture
    DAnny3211 11,397 on at
    Hi,
    Yes, links with the format `*.svc.dynamics.com/l/r/...` can potentially be used as redirection mechanisms, depending on how they are configured within the Dynamics 365 environment. These links are often part of Dynamics 365's email and document routing features, and in legitimate use cases, they may redirect users to SharePoint or other integrated services.
    However, this capability can be exploited if a malicious actor gains access to a legitimate Dynamics 365 tenant. In such cases, phishing emails may include these links to lend credibility and bypass basic filters, while ultimately redirecting users to harmful destinations.
    To mitigate this risk:
    - Ensure your organization has **email authentication protocols** (like SPF, DKIM, DMARC) properly configured.
    - Use **Microsoft Defender for Office 365** or similar tools to scan and analyze URLs in emails.
    - Educate users to verify links before clicking, even if they appear to be from trusted domains.
    You can refer to Microsoft’s official documentation on Safe Links and URL protection for more details.
     
    Please verify if this addresses your concern.
    Thanks and best regards,  
    Daniele  
    *Note: This response was prepared with support from Copilot to ensure clarity and completeness.*

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

Responsible AI policies

As AI tools become more common, we’re introducing a Responsible AI Use…

Neeraj Kumar – Community Spotlight

We are honored to recognize Neeraj Kumar as our Community Spotlight honoree for…

Congratulations to the November Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > Microsoft Dynamics 365 | Integration, Dataverse, and general topics

#1
Siv Sagar Profile Picture

Siv Sagar 93 Super User 2025 Season 2

#2
#ManoVerse Profile Picture

#ManoVerse 80

#3
Martin Dráb Profile Picture

Martin Dráb 64 Most Valuable Professional

Last 30 days Overall leaderboard

Featured topics

Identifying an Org as CDS or Dynamics
Get batch job history log from D365 FO to Power Automate
Gross and Net Weight of Shipments feeding back into Sales Order (from External Source)

Product updates

Dynamics 365 release plans