There has been a report that a new phishing campaign has been aimed to steal the login credentials of employees by sending fake Microsoft Teams notifications. As many individuals move to full-time remote work due to the COVID-19 pandemic, they could be more likely to succumb to the scam online.
Attackers use crafted emails that appear to be emails of automated notifications coming from Microsoft Teams. Once the user clicks a malicious link in the email, it takes them to the fake landing page that impersonates the webpages of Microsoft Teams.
More and more victims are likely to fall for the scam as more people switch from Zoom to Microsoft Teams in light of Zoom’s safety and privacy issues. Here are two different attacks that try to steal employee login credentials, according to researchers:
- The email includes a link to a document that contains an image that urges recipients to login with Microsoft team, upon clicking the image it takes to the fake Microsoft Office login page.
- A YouTube link, redirected multiple times, and reaches a final webpage that impersonates Microsoft login page.
If a victim falls for any of the scams, their login details get compromised, and attackers may even gain access to Microsoft Office 365 services. The attack targets more than 50,000 employees in more than 150 companies, as reported by the Group-IB Threat Intelligence group.
However, in the case of the attacks, neither security configurations nor vulnerabilities in Microsoft Teams were at fault. Instead, they note that the scam emails were “convincingly-crafted” impersonating the automated notification emails from Microsoft Teams.
“Recipients would be hard-pressed to understand that these sites were set up to misdirect and deceive them to steal their credentials. Given the current situation, people have become accustomed to notifications and invitations from collaboration software providers,” said Abnormal Security.
As a general rule, do not log into suspicious links, and always make sure you’re on the official site by checking the URL before entering your credentials. Spam phishing emails will often ask you to go to a fraudulent or spoofed website to re-enter your credit card number or verify your password. Scammers will also try to have you call them on the phone to provide your personal information. Keep in mind that reputable businesses would not make such requests by email.