Microsoft Dynamics 365 | Integration, Dataverse...

Can a "Svc.Dynamics.com" link be used as a redirection link? (Such as in a phishing e-mail?)

(0) Share

Report

Posted on by RSteer

I originally asked the following in the "Fraud Protection" forum, but silly me, they have nothing to do with whether Dynamics could be used to disguise fraudulent activity.

So maybe someone can tell me which forum I should be using, although I really think my question should be simple enough for almost any Dynamics user to be able to answer. (I don't use Dynamics; I just provide cybersecurity advice (among other things) to my organization.)

Stripped-down version of question: Can a "Svc.Dynamics.com" link be used as a redirection or forwarding link to another (non-Dynamics) site? For instance, in the general form "xxxx.Svc.Dynamics.com/t/r/..."?

A colleague in my Federal agency received what LOOKS like a fairly primitive phishing e-mail (bad grammar, typical "your account is locked" scenario, etc.) where the phishing link was in that form. Neither of us had heard of "Dynamics.com", so she wondered if it was a malicious domain.

Evidently it's not, but I'm wondering if Dynamics has the functionality to redirect a user who clicks on such a link?

(If it can, then a malicious actor could use a legitimate Dynamics account to disguise a phishing link in the same way phishers often use "URL-shortening" services like Bit.Ly.)

Thanks.

All responses (3)

Answers (0)

Suggested answer

Tin_Man 10 on at

Like (0)

Report

RE: Can a "Svc.Dynamics.com" link be used as a redirection link? (Such as in a phishing e-mail?)

Ok, so to answer your question, YES the svc.dynamics.com links can be used to redirect to Microsoft Sharepoint servers, apperantly even hosted by 3rd party or even self hosted Sharepoint servers and from there well the sky's the limit. Sharepoint servers can serv up any number of files as well as redirects and the worst part is that it could very well have an ssl certficiate.
Tin_Man 10 on at

Like (0)

Report

RE: Can a "Svc.Dynamics.com" link be used as a redirection link? (Such as in a phishing e-mail?)

Ok, now I have the same question! I have an email now that went to my client, apparently from someone they know and talk to frequently. This email seems simple enough in that it requests to review a document. The link in the email sent me to a box.com site with a pdf file and in that pdf file there is another link to click on. Annoyingly enough I can't even right click on that link to get a copy of of the URL. And as complicated as this all sounds it was only 2 clicks to a svc.dynamics.com url. So is Microsoft Dynamics sending out phishing emails? or maybe someone found a way to exploidt a feature? Because this is awfully suspicious and i would prefer a solution though Microsoft's awareness rather than Microsoft showing up in the news again about some new vulnerability again.
RSteer 10 on at

Like (0)

Report

RE: Can a "Svc.Dynamics.com" link be used as a redirection link? (Such as in a phishing e-mail?)

Apologies about the weird formatting and missing line-breaks -- they were there when I wrote the message, and it was all the same size font. The in-line editor seems very funky.

Community site session details

Can a "Svc.Dynamics.com" link be used as a redirection link? (Such as in a phishing e-mail?)

Helpful resources

Quick Links

Daivat Vartak – Community Spotlight

Announcing Our 2025 Season 1 Super Users!

Kudos to the February Top 10 Community Stars!

Leaderboard

Featured topics

Product updates

Community site session details

Can a "Svc.Dynamics.com" link be used as a redirection link? (Such as in a phishing e-mail?)

Helpful resources

Quick Links

Daivat Vartak – Community Spotlight

Announcing Our 2025 Season 1 Super Users!

Kudos to the February Top 10 Community Stars!

Subscribe to this forum!

Select categories

Leaderboard

Featured topics

Product updates