Finance | Project Operations, Human Resources, ...

Can a "Svc.Dynamics.com" link be used as a redirection link in a phishing e-mail?

(1) Share

Report

Posted on by RSteer

A colleague in my Federal agency received what LOOKS like a fairly primitive phishing e-mail (bad grammar, typical "your account is locked" scenario, etc.) where the phishing link is:

2892315232e342469ddd8529ecaed302.svc.dynamics[.]com/t/r/j0E6fiLhB7S4xTp0ybo43HjtIBvAo-7uG5kVQL5Cbvg#e___.webmaster@___.gov:489944848849949930-3993=3-00399e883930wwwwwww (Square brackets added to prevent accidental clicking, and underscores anonymize the recipient.)

From what I can tell (not actually being a Dynamics user), "svc.dynamics.com" is a legitimate, non-malicious domain. But I'm wondering if the behavior of Dynamics (or Svc.Dynamics) is such that a malicious actor can use this type of apparently legitimate link to redirect a "clicker" to a malicious destination?

Thanks.

Randy Steer.

I have the same question (0)

All responses (7)

Answers (0)

Suggested answer

ToddB Microsoft Employee on at

Like (0)

Report
Copy link

Link copied!

Hi Randy,

This is not something that the Fraud Protection team would be able to answer.

Please see the below in regard to Dynamics 365 Fraud Protection:

cloudblogs.microsoft.com/.../

It looks like the link is coming from Dynamics 365 Marketing.

https://docs.microsoft.com/en-us/dynamics365/marketing/developer/using-events-api

This could be legitimate and someone was sent it by mistake but this really isn’t related to Dynamics Fraud Protection.

This should be redirected to the Windows Security team.

Thanks in advance.

Was this reply helpful? Yes No
RSteer 16 on at

Like (0)

Report
Copy link

Link copied!

OK, so which Dynamics support forum would know enough about how the product works to be able to say if a "svc.dynamics.com" URL can redirect or forward someone to another website?

As I said, I don't use use Dynamics, I just provide cybersecurity advice to my organization, but that doesn't seem like it should be a difficult question for Dynamics users or support to answer.

Thanks.

Was this reply helpful? Yes No
ToddB Microsoft Employee on at

Like (0)

Report
Copy link

Link copied!

Hi Randy,

As mentioned, it looks like the link is coming from Dynamics 365 Marketing.

docs.microsoft.com/.../using-events-api

This could be legitimate and someone was sent it by mistake but this really isn’t related to Dynamics Fraud Protection.

Here is the Dynamics Marketing forum:

community.dynamics.com/.../dynamics-365-for-marketing-forum

Hopefully this helps.

Was this reply helpful? Yes No
Collerz 15 on at

Like (0)

Report
Copy link

Link copied!

The link can be disguised

Was this reply helpful? Yes No
Rogers897 10 on at

Like (0)

Report
Copy link

Link copied!

Ok, so to answer your question, YES the svc.dynamics.com links can be used to redirect to Microsoft Sharepoint servers, apperantly even hosted by 3rd party or even self hosted Sharepoint servers and from there well the sky's the limit.

Was this reply helpful? Yes No
Rogers897 10 on at

Like (0)

Report
Copy link

Link copied!

Ok, so to answer your question, YES the svc.dynamics.com links can be used to redirect to Microsoft Sharepoint servers, apperantly even hosted by 3rd party or even self hosted Sharepoint servers and from there well the sky's the limit.

mysainsburys

Was this reply helpful? Yes No
DavidYu Microsoft Employee on at

Like (0)

Report
Copy link

Link copied!

Yes

Was this reply helpful? Yes No