Calling all remote workers, BEWARE! Criminals are targeting YOU! Take extra care as there’s a new security scam affecting Microsoft Teams.
These criminals are trying to gain Office 365 access by using fake Microsoft Teams alerts. The phishing scams main aim is to trick YOU, the Teams customer into handing over your logins.
By designing fake email alerts using cloned imagery, researchers from Abnormal Security say these malicious alerts look like “real ones” from Microsoft. These alerts spoof the Microsoft teams file share and audio chat notifications. And already, as many as 50,000 emails have been detected.
Criminals are aware of the increase in popularity of the Microsoft Teams video conferencing tool especially since staff are now WFH, amid the coronavirus outbreak. Microsoft Teams has had a huge increase in their users, and just last week, Microsoft CEO Satya Nadella revealed Teams has surpassed 75 million daily active users.
The dangerous tactic of assailing the potential victims with multiple alerts, increases the likelihood of them clicking on an email they believe is a genuine Microsoft message. And since the imagery is a perfect replication of Microsoft’s, the email recipient, potentially YOU or Me, are even more likely to believe it’s legitimate!
“This holds especially true on mobile where images take up most of the content on the screen.” The researchers told BleepingComputer.
Thanks to the use of several URL redirects that hide the hosting addresses, these emails even manage to evade email protection services. This phishing campaign, wouldn’t you agree has added an extra level of sophistication?
As a result, if YOU or I click on the link in the malicious email we go to a fake landing page. It’s a perfect copy of the real Office 365 login page. When WE enter in our login details, YOU”VE guessed right OUR information has now been stolen.
As this phishing campaign is a hard one to detect, above all, take extra care! If you not sure, ask your IT expert.