Microsoft Teams Phishing Attack Targets Office 365 Users

  • Up to 50,000 Office 365 users are being targeted by a phishing campaign that purports to notify them of a “missed chat” from Microsoft Teams.

    Researchers are warning of a phishing campaign that pretends to be an automated message from Microsoft Teams. In reality, the attack aims to steal Office 365 recipients’ login credentials.

    Teams is Microsoft’s popular collaboration tool, which has particularly risen in popularity among remote workforces during the pandemic – making it an attractive brand for attackers to impersonate. This particular campaign was sent to between 15,000 and 50,000 Office 365 users, according to researchers with Abnormal Security on Thursday.

    “Because Microsoft Teams is an instant-messaging service, recipients of this notification might be more apt to click on it so that they can respond quickly to whatever message they think they may have missed based on the notification,” said researchers in a Thursday analysis.

    The initial phishing email displays the name “There’s new activity in Teams,” making it appear like an automated notification from Microsoft Teams.

    As seen in the picture below, the email tells the recipient that their teammates are trying to reach them, warning them they have missed Microsoft Teams chats and showing an example of a teammate chat that asks them to submit something by Wednesday of next week.

    Erin Ludert, data scientist at Abnormal Security, told Threatpost that researchers suspect attackers are using more of a “spray” tactic here, as the employee referenced in the chats does not appear to be an employee of the company that received the attack.

    The phishing emails. Credit: Abnormal Security

    To respond, the email urges the recipient to click on the “Reply in Teams” button. However, this leads to a phishing page.

    “Within the body of the email, there are a few links appearing as ‘Microsoft Teams’, ‘(call) sent a message in instant messenger’, and ‘Reply in Teams’,” according to researchers. “Clicking on any of these leads to a fake website that impersonates the Microsoft login page. The phishing page asks the recipient to enter their email and password.”

    Researchers said that the phishing landing page also looks convincingly like a Microsoft login page, with the start of the URL containing “microsftteams.” If recipients are convinced to input their Microsoft credentials into the page, they are unwittingly handing them over to attackers, who can then use them for an array of malicious purposes – including account takeover.

    With the ongoing pandemic, worries about cyberattackers leveraging enterprise-friendly collaboration brands like Microsoft Teams, Zoom and Skype have been piqued. In May, a convincing campaign that impersonated notifications from Microsoft Teams in order to steal the Office 365 credentials of employees circulated, with two separate attacks that targeted as many as 50,000 different Teams users.

    Microsoft is top of the heap when it comes to hacker impersonations – with Microsoft products and services featuring in nearly a fifth of all global brand phishing attacks in the third quarter of this year. Attackers are also using sophisticated tactics – including visual CAPTCHAs to target Office 365 users and token-based authorization methods.
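
The mismatch the researchers describe, Teams-branded link text resolving to a host that begins with “microsftteams”, can be checked mechanically when triaging reported mail. The Python sketch below is an added example, not code from Abnormal Security or Threatpost; the allowlist, brand tokens, distance threshold and the `.example` hosts in the sample are assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = ("microsoft.com", "office.com", "microsoftonline.com")  # assumed allowlist
BRANDS = ("microsoft", "microsoftteams")  # assumed brand tokens to compare against

def edit_distance(a, b):  # Levenshtein distance with a rolling row
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

class LinkCollector(HTMLParser):  # collects (href, visible text) for every <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def suspicious_links(html):
    """Return [(href, reason)] for links that borrow the Teams brand off-domain."""
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for href, text in collector.links:
        host = (urlsplit(href).hostname or "").lower()
        if not host or any(host == t or host.endswith("." + t) for t in TRUSTED):
            continue  # relative/mailto links and allowlisted hosts are ignored
        labels = host.replace("-", ".").split(".")
        if any(edit_distance(l, b) <= 2 for l in labels for b in BRANDS):
            findings.append((href, "lookalike host label"))
        elif "teams" in text.lower():
            findings.append((href, "Teams-branded text, untrusted host"))
    return findings

# Constructed sample modelled on the links described in the article.
SAMPLE = """<a href="https://microsftteams.phish.example/login">Reply in Teams</a>
<a href="https://teams.microsoft.com/l/chat">Open Teams</a>
<a href="https://files.example/view">Microsoft Teams</a>"""
```

Calling `suspicious_links(SAMPLE)` flags the first and third links and leaves the genuine `teams.microsoft.com` link alone.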