Microsoft Teams used in new phishing campaign against Office 365 users

More than 50,000 Office 365 users were recently targeted by a phishing campaign that pretends to notify them of a “missed chat” on Microsoft Teams. Security researchers are issuing several alerts about the campaign, which claims to be an automated message from Microsoft Teams but is in reality an attack whose main purpose is to steal recipients’ Office 365 credentials.

Microsoft Teams is a very popular collaboration tool from Microsoft that has grown a lot thanks to remote working during the pandemic, making it an attractive brand for attackers to impersonate. According to researchers at Abnormal Security, this campaign was sent to around 50,000 Office 365 users.

“Because Microsoft Teams is an instant messaging service, recipients of this notification may be more able to click on it so they can quickly respond to any message they think they missed based on the notification,” researchers said in an analysis yesterday.

The initial phishing email has the subject line “There is new activity in Teams,” which makes it look like an automated notification from Microsoft Teams. As can be seen in the image below, the email tells the recipient that their teammates are trying to contact them, says that they have missed Microsoft Teams chats, and shows an example of a chat in which a teammate asks them to send something by Wednesday of next week.

Phishing uses Microsoft Teams to reach Office 365 users

Erin Ludert, data scientist at Abnormal Security, told Threatpost that the attackers are using a spray tactic, because the employee mentioned in the chats does not appear to be an employee of the company that received the attack.

To reply, the email prompts the recipient to click the “Reply on Teams” button; however, this leads to a phishing page.

“In the body of the email, there are three links that appear like ‘Microsoft Teams’, ‘(contact) messaged on’ and ‘Reply on Teams’,” according to the researchers. “Clicking on any of these leads to a bogus website that represents the Microsoft login page. The phishing page asks the recipient to enter their email address and password.”

The researchers said the phishing landing page convincingly resembles a Microsoft login page, and the beginning of its URL contains “microsftteams”. If recipients are persuaded to enter their Microsoft credentials on the page, they will inadvertently hand them over to the attackers, who can use them for a variety of malicious purposes, including account takeover.
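A defender-side check for the lookalike pattern described above, as an added example that is not from Abnormal Security or the original article: it extracts the links from an HTML email body and flags hosts that closely imitate a Microsoft brand string without belonging to a trusted domain. The brand list, the trusted-domain list, the 0.85 similarity threshold and the `.example` sample host are assumptions made for illustration.

```python
import difflib
from html.parser import HTMLParser
from urllib.parse import urlsplit
# Assumed for this example: brand strings to protect and domains treated as legitimate.
BRANDS = ("microsoftteams", "microsoft", "office365")
TRUSTED = ("microsoft.com", "office.com", "microsoftonline.com")

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def is_trusted(host):
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

def lookalike(host):
    """Return the brand that a host label matches exactly or nearly (0.85+), else None."""
    for label in host.replace("-", "").split("."):
        for brand in BRANDS:
            if difflib.SequenceMatcher(None, label, brand).ratio() >= 0.85:
                return brand
    return None

def suspicious_links(html):
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        host = (urlsplit(href).hostname or "").lower()
        brand = lookalike(host) if host and not is_trusted(host) else None
        if brand:
            findings.append((text, host, brand))
    return findings

# Constructed sample body: two lookalike links and one genuine Microsoft link.
SAMPLE = ('<a href="https://microsftteams.example/login">Microsoft Teams</a>'
          '<a href="https://microsftteams.example/login">Reply on Teams</a>'
          '<a href="https://www.microsoft.com/privacy">Privacy</a>')
```

Calling `suspicious_links(SAMPLE)` returns the two lookalike links with the brand they imitate and leaves the genuine `microsoft.com` link out.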

With the ongoing pandemic, concerns about cyber attacks leveraging user-friendly collaboration brands like Microsoft Teams, Zoom, and Skype have increased dramatically. However, Microsoft appears to be at the top of the list when it comes to brand impersonation by attackers, with Microsoft products and services appearing in nearly a fifth of all phishing attacks this year.

