Cyber-criminals are impersonating a popular Microsoft messaging service to steal employees’ Office 365 login credentials in a newly detected attack that has hit up to 50,000 mailboxes.
The campaign, uncovered by researchers at Abnormal Security, targets Office 365 users with an automated message that appears to be sent from the communication tool Microsoft Teams.
“The email is sent from the display name, ‘There’s new activity in Teams’, making it look like an automated notification from Microsoft Teams,” said researchers.
“It appears to notify the recipient that their teammates are trying to reach them and urges the recipient to click on ‘Reply in Teams’.”
Victims who take the bait and click on any of the few links included in the message are directed to a malicious phishing site where they are asked to enter their email and password.
“The link landing page also looks convincingly like a Microsoft login page, with the start of the URL containing ‘microsftteams’, lending further credence,” noted researchers.
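The two signals described above (a Teams-style display name on a non-Microsoft sender, and a link host that nearly spells the brand) can be checked in a mail filter. The following is an added example, not code from Abnormal Security or the original article; the sample message, its example.org/example.net hosts, the trusted-domain suffix and the 0.88 similarity threshold are constructed assumptions.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

BRAND = "microsoftteams"          # token the lure imitates ('microsftteams' in the report)
TRUSTED_SUFFIX = "microsoft.com"  # assumption: adjust to your own legitimate mail flow

def near_miss(token, threshold=0.88):
    """True if token contains a close misspelling of BRAND, but not BRAND itself."""
    if BRAND in token:
        return False
    n = len(BRAND)
    for size in (n - 1, n, n + 1):  # allow one dropped or added character
        for i in range(max(1, len(token) - size + 1)):
            if SequenceMatcher(None, token[i:i + size], BRAND).ratio() >= threshold:
                return True
    return False

def assess(raw):
    """Return a list of findings for one single-part text message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    trusted = domain == TRUSTED_SUFFIX or domain.endswith("." + TRUSTED_SUFFIX)
    findings = []
    if "teams" in name.lower() and not trusted:
        findings.append(f"Teams-style display name {name!r} from {domain}")
    for url in re.findall(r"https?://[^\s\"'<>]+", msg.get_payload()):
        host = urlparse(url).hostname or ""
        labels = [re.sub(r"[^a-z0-9]", "", part) for part in host.split(".")]
        if any(near_miss(label) for label in labels):
            findings.append(f"lookalike link host {host}")
    return findings

# Constructed sample modelled on the lure described in the article.
SAMPLE = '''From: "There's new activity in Teams" <notify@mail.example.org>
To: employee@corp.example
Subject: Your teammates are trying to reach you

Reply in Teams: https://microsftteams.phish.example.net/login
'''

if __name__ == "__main__":
    for finding in assess(SAMPLE):
        print(finding)
```
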
Victims who enter their credentials risk exposing sensitive information stored on their account and giving attackers a foothold in the company’s network for more complex BEC attacks.
“Should recipients fall victim to this attack, their login credentials as well as any other information stored on their account will be compromised,” wrote researchers.
The attack exploits both the instant nature of the communication tool and its rise in popularity caused by the outbreak of COVID-19.
“Because Microsoft Teams is an instant messaging service, recipients of this notification might be more apt to click on it so that they can respond quickly to whatever message they think they may have missed based on the notification,” noted researchers.
News of this new attack follows the discovery of two other similar campaigns by Abnormal Security in May 2020, in which threat actors spoofed Microsoft Teams to steal credentials.
Describing the earlier campaigns, researchers noted: “These attackers crafted convincing emails that impersonate automated notification emails from Microsoft Teams. The landing pages that host both attacks appear similar to the genuine webpages, and the imagery used is copied from actual notifications and emails from this company.”