Microsoft Teams is being targeted by phishing attacks

While both of the phishing campaigns the security researchers discovered are no longer in operation, others could be.

CommentsFacebook IconX IconReddit Icon
TweakTown
Published
Updated
1 minute & 30 seconds read time
Voice: Default
0:00 / --:--
Use left and right arrow keys to seek audio.

There are many online chat and video chat services that are being used increasingly during the coronavirus pandemic around the world. One of those is Microsoft Teams, and with the significantly increased use of Teams also comes cybercriminals looking to take advantage of those using the service. A security research firm called Abnormal Security has announced that cybercriminals are using new phishing campaigns targeted at Teams users that are attempting to steal Microsoft account credentials.

Microsoft Teams is being targeted by phishing attacks 01

Abnormal Security says that it has discovered a series of convincing emails that are designed to spoof notification messages from Microsoft Teams. One of the campaigns the security researchers talk about is a phishing email that includes a link to a document on a domain used by a legitimate email marketing company for hosting content for marketing campaigns. The document that is linked to is an image that prompts users to sign into their Microsoft Teams account.

Anyone clicking on the image is taken to is a malicious page impersonating the Microsoft Office logon page with the intent of capturing the user credentials. Another campaign the security researchers found redirects the user to a page hosted on YouTube. That page is redirected two more times until reaching a fake Microsoft page that is attempting to steal login credentials.

Abnormal Security says that the attackers are using multiple URL redirects to conceal the actual URL, and to evade malicious link filtering used by email security products. The researchers say that the first campaign started on April 14 and lasted two days, but hasn't been seen since. The second campaign began on April 29 and lasted a few hours before disappearing. The fishing campaigns were sent to customers in energy, retail, and hospitality industries but weren't targeted at any specific company or industry. Microsoft recently patched a flaw that could allow for Teams account take over.

Photo of the Mastering Microsoft Teams

Best Deals: Mastering Microsoft Teams

Prices last scanned 44 minutes ago

* Prices may be inaccurate. As an Amazon Associate, we earn from qualifying purchases. We earn affiliate commission from any Newegg or PCCG sales.

News Source:techrepublic.com

Comments

Stay Updated

Follow TweakTown for breaking tech news, reviews, and daily updates.

Add TweakTown as a preferred source on GoogleFind TweakTown on Apple News
Newsletter Subscription