Categories: Digital LifeNews

This “Microsoft Teams” scam aims to steal your login credentials

There has been a report that a new phishing campaign has been aimed to steal the login credentials of employees by sending fake Microsoft Teams notifications. As many individuals move to full-time remote work due to the COVID-19 pandemic, they could be more likely to succumb to the scam online.

Attackers use crafted emails that appear to be emails of automated notifications coming from Microsoft Teams. Once the user clicks a malicious link in the email, it takes them to the fake landing page that impersonates the webpages of Microsoft Teams.

More and more victims are likely to fall for the scam as more people switch from Zoom to Microsoft Teams in light of Zoom’s safety and privacy issues. Here are two different attacks that try to steal employee login credentials, according to researchers:

  • The email includes a link to a document that contains an image that urges recipients to login with Microsoft team, upon clicking the image it takes to the fake Microsoft Office login page.
  • A YouTube link, redirected multiple times, and reaches a final webpage that impersonates Microsoft login page.
Image source: gbhackers.com

If a victim falls for any of the scams, their login details get compromised, and attackers may even gain access to Microsoft Office 365 services. The attack targets more than 50,000 employees in more than 150 companies, as reported by the Group-IB Threat Intelligence group.

However, in the case of the attacks, neither security configurations nor vulnerabilities in Microsoft Teams were at fault. Instead, they note that the scam emails were “convincingly-crafted” impersonating the automated notification emails from Microsoft Teams. 

“Recipients would be hard-pressed to understand that these sites were set up to misdirect and deceive them to steal their credentials. Given the current situation, people have become accustomed to notifications and invitations from collaboration software providers,” said Abnormal Security.

As a general rule, do not log into suspicious links, and always make sure you’re on the official site by checking the URL before entering your credentials. Spam phishing emails will often ask you to go to a fraudulent or spoofed website to re-enter your credit card number or verify your password. Scammers will also try to have you call them on the phone to provide your personal information. Keep in mind that reputable businesses would not make such requests by email.

[ SOURCE, 2 ]

Recent Posts

Porsche Taycan and Macan EV prices surge in Malaysia: Up to RM410k higher

Porsche has recently updated the price of its EV lineup in Malaysia, and the changes…

11 hours ago

TNG eWallet now lets you search SSM company records and download official documents

If you need to verify a Malaysian business or obtain more background information, you can…

15 hours ago

Bye-bye physical discs: PlayStation goes digital-only from 2028

For close to two decades, buying a new PlayStation game meant picking up a Blu-ray…

16 hours ago

Flexi Parking is back online: Look out for minor teething issues

The Flexi Parking system is operational again after being crippled for the past few days…

16 hours ago

Hotlink 5G Travel SIM offers 7-day “unlimited” internet in 4 countries for RM25

Hotlink has enhanced its Travel SIM offering which lets you stay connected in 4 countries…

17 hours ago

Semak Kasih offers a legit starting point to check for unclaimed takaful and life insurance

The Malaysian Takaful Association (MTA) and Life Insurance Association of Malaysia (LIAM) have recently launched…

1 day ago

This website uses cookies.