Attackers prey on Microsoft Teams accounts to steal credentials

  • A new phishing attack impersonates an automated notification from Microsoft Teams to steal a company user’s login credentials.

    Abnormal Security, which disclosed the attack technique today in a blog post, maintains that Microsoft Teams has become a popular communication tool, particularly during the pandemic, making it an attractive brand for attackers to impersonate.

    Here’s how the attack works: The email is sent from the display name in the header, “There’s new action in Teams,” making it look like an automated notification from Microsoft Teams. It then notifies the user that their teammates are trying to reach them and urges the recipient to click on “Reply in Teams.” This leads to a phishing page.

    In the body of the email, there are three links that function as a lure. They say “Microsoft Teams,” “[contact] sent a message in instant messenger,” and “Reply in Teams.” Clicking on any of these leads to a fake website that impersonates the Microsoft login page.

    The phishing page then asks the user to enter their email and password. Should recipients fall victim to this attack, their login credentials as well as any other information stored on their account will be compromised. The attacker spoofed employee email and also impersonated Microsoft Teams.

    According to the Abnormal Security blog, company users are more likely to fall prey to this type of attack when they believe that it originates from within the company and also from a trusted brand like Microsoft Teams.

    And because Microsoft Teams also functions as an instant messaging service, users are more apt to click to respond quickly to whatever message they think they may have missed, based on the notification. The link’s landing page also looks convincingly like a Microsoft login page, with the start of the URL containing “microsftteams,” lending further credibility.
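
As an added illustration (not code from Abnormal Security or from the original article), the traits described above can be checked in a mail-filtering rule: a display name that claims to be Teams on an untrusted sender, Teams-labelled links that leave Microsoft's domains, and a host label that is a near miss of "microsoftteams". The trusted-domain list, the 0.85 similarity threshold, the sample message and the assumption of a single-part HTML body are all choices made for this example.

```python
import difflib
import email
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = ("microsoft.com", "microsoftonline.com")  # assumption: tune per tenant
# Constructed sample modelled on the description above, not a captured message.
SAMPLE = """From: "There's new action in Teams" <notify@mail.example.net>
Content-Type: text/html

<a href="https://microsftteams.example.net/a">Reply in Teams</a>"""

def trusted(host):
    return host.lower() in TRUSTED or host.lower().endswith(tuple("." + d for d in TRUSTED))

def lookalike(host, brand="microsoftteams"):
    label = host.lower().split(".")[0].replace("-", "")  # leftmost label only
    return label != brand and difflib.SequenceMatcher(None, label, brand).ratio() >= 0.85

class Links(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self.open = [], False  # [href, anchor text] pairs
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.append([dict(attrs).get("href") or "", ""])
            self.open = True
    def handle_endtag(self, tag):
        self.open = self.open and tag != "a"
    def handle_data(self, data):
        if self.open:
            self.links[-1][1] += data

def findings(raw):
    msg = email.message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    out = set()
    if "teams" in name.lower() and not trusted(addr.rpartition("@")[2]):
        out.add("display-name-impersonation")
    parser = Links()
    parser.feed(msg.get_payload())
    for href, text in parser.links:
        host = urlsplit(href).hostname or ""
        if "teams" in text.lower() and not trusted(host):
            out.add("teams-lure-link:" + host)
        if lookalike(host):
            out.add("lookalike-host:" + host)
    return sorted(out)
```

Calling `findings(SAMPLE)` returns all three reasons for the constructed message, while a message sent from and linking to a trusted Microsoft domain returns an empty list.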

    This is not the first time Teams has been targeted. Abnormal Security reported a similar technique in May.