A new and advanced Microsoft Teams phishing campaign has been spotted by the researchers at Abnormal Security.
This attack impersonates an automated message from Microsoft Teams in order to steal recipient’s login credentials.
Microsoft Teams – as with its competitors – is a popular communication tool, particularly during the pandemic, making it an attractive brand for attackers to impersonate.
As the team explained: “The email is sent from the display name, ‘There’s new activity in Teams’, making it appear like an automated notification from Microsoft Teams. It appears to notify the recipient that their teammates are trying to reach them and urges the recipient to click on ‘Reply in Teams’. However, this leads to a phishing page”.
As you can see in the picture above, within the body of the email, there are three links appearing as ‘Microsoft Teams’, ‘(contact) sent a message in instant messenger’, and ‘Reply in Teams’.
Clicking on any of these leads to a fake website that is impersonates the Microsoft login page. The phishing page asks the recipient to enter their email and password.
A classic way to steal Office 365 credentials and perform an Account takeover.
As you might have seen using the platform, this is a classic message you riceve when somebody writes to you and you are offline. Recipients of this notification might be more apt to click on it so that they can respond quickly to whatever message they think they may have missed based on the notification.
The email pretends to be a Microsoft Teams notification email notifying the recipient that they have received messages and their teammates are trying to reach them. The link landing page also looks convincingly like a Microsoft login page with the start of the URL containing ‘microsftteams’, lending further credence.
As the researchers reported, the attacker spoofed employee emails and also impersonated Microsoft Teams. This way the recipient is more likely to fall prey to an attack when it is believed to originate from within the company and also from a trusted brand.
Microsoft still leading as phishing bait
According to Check Point, Microsoft is top dog when it comes to phishing lures, with its products and services featuring in nearly 20% of all global brand phishing attacks in the third quarter of this year.
As the pandemic seems to rearing its head, especially in Europe, individuals are grappling with remote working technology, potential changes to finances, and an increased use of social media and this is making Phishers attacks ever more easy…