Warning: Phishing attacks targeting Microsoft Teams show signs of sharp increase
The outbreak of the COVID-19 pandemic has forced hundreds of millions of people to work, study at home, the need for online support platforms in general and video conferencing in particular. Because of that, it increased sharply. Microsoft Teams is a prime example, this remote support platform has achieved impressive growth growth in April, with the number of regular users increasing by 70% in just over 1 month.
However, this is also the reason why Microsoft Teams is reluctant to become the new target that online scammers are targeting.
According to the latest finding from the security organization Abnormal Security, the attackers started sending emails that impersonate automated notifications from Microsoft Teams to deceive users, then steal the victims' credentials. unaware.
Fake emails are designed meticulously, with links leading to malicious landing pages that also look identical to Microsoft's legitimate website. In particular, attacks reported by Abnormal Security do not tend to target individuals or businesses in a specific field like many other phishing campaigns. Instead, malicious emails can be sent to anyone, making the infection rate harder to control.
Phishing email formTo evade malicious link detection tools and hide the real URL of the domain name being used to organize attacks, hackers use multiple URL redirects. There have been at least two separate phishing attacks targeting Microsoft Teams recorded by Abnormal Security in April alone.
In the first attack, phishing emails contained links to documents stored on a website used by an email marketing company. This document contains 1 image that requires users to log in to their Teams account. When clicking on the image, the victim will be redirected to the fake landing page of Microsoft Office account login page to steal login information.
In the second campaign, the link in the email redirects the user to a page on YouTube and then redirects a few more times before reaching the landing page stealing credentials. Because Microsoft Teams is linked to Microsoft Office 365, an attacker may have access to other data associated with the victim's Microsoft login information through a single sign-in.
The fake Office 365 login pageThese two campaigns are most likely not of the same origin. They have different payload distribution content and methods. At the same time using the sender information is not the same.
A few days ago, another serious flaw was discovered on Microsoft Teams, allowing hackers to hijack user accounts with just a GIF file.
In general, this form of fraud has been designed more sophisticatedly but it is not new in nature. Even so, it will still be dangerous for ordinary users who do not have a lot of security knowledge.
You should read it
- Be wary of disguised Microsoft OneNote Audio phishing emails
- Identify popular online scams so as not to lose money unfairly
- How to identify phishing emails
- [Infographic] 4 types of Phishing are easy to trap users
- 25% of 'over-the-counter' phishing emails are the default security of Office 365
- [Infographic] How to recognize and prevent Phishing attacks
- Microsoft shows how to avoid trapping phishing
- What is Spear Phishing?
- How to report phishing emails in Outlook.com
- 5 signs to identify phishing websites
- How Phishing works
- 7 forms of fraud, popular online fraud
Maybe you are interested
Microsoft is about to build the world's most powerful quantum computer
10 Microsoft Edge Settings You Need to Change to Improve Your Browsing Experience
Microsoft doesn't allow users to uninstall the Recall feature in Windows 11
How to take a screenshot of the entire web page on Microsoft Edge
How to translate a web page on Microsoft Edge
Microsoft DirectML now supports PC Copilot+ and WebNN