Cybercriminals are using Microsoft Teams calls to commit fraud

How confident are you that you're talking to a cybercriminal on the phone? If you're not sure if you're talking to a bad guy on the phone, be careful! Cybercriminals are calling people via Microsoft Teams pretending to be a company and offering to help, but they won't do anything.

Cybercriminals are targeting Microsoft Teams users through Vishing attacks

Cybercriminals are using Microsoft Teams calls to commit fraud Picture 1

According to Trend Micro, there is a new attack circulating that uses vishing techniques to break into someone's system. Similar to phishing, vishing is when a person tries to convince someone to take action to provide information or system access to a cybercriminal, although vishing is done through a phone or calling app.

In the example Trend Micro gave, the attack started with thousands of phishing emails hitting someone's account. Then the cybercriminals called in posing as tech support, presumably to "fix" the email flood they had caused.

Cybercriminals encouraged victims to install a remote access application, starting with Microsoft Remote Support, then switching to AnyDesk when the former failed to install. Once AnyDesk was set up, cybercriminals used the remote access application to install a PowerShell-based malware dropper. The PowerShell malware then downloaded the DarkGate malware, which criminals used to steal data and take control of someone's computer via a Remote Access Trojan (RAT).

Fortunately, the attack was stopped before anything was stolen, but it's still a great example of how to avoid vishing. Always be wary of anyone asking you to download remote access tools, especially if the person on the other end of the line contacts you first without your request. If you have a technical support issue, report it to your workplace's IT department or a trained professional if you're at home.

Micah Soto

Update 17 December 2024