Warning: Phishing attacks targeting Microsoft Teams show signs of sharp increase
The outbreak of the COVID-19 pandemic has forced hundreds of millions of people to work and study at home, and the need for online support platforms in general, and video conferencing in particular, has increased sharply as a result. Microsoft Teams is a prime example: this remote support platform achieved impressive growth in April, with the number of regular users increasing by 70% in just over 1 month.
However, this is also why Microsoft Teams has unwillingly become a new target for online scammers.
According to the latest findings from the security organization Abnormal Security, attackers have started sending emails that impersonate automated notifications from Microsoft Teams to deceive users and then steal the credentials of unaware victims.
The fake emails are meticulously designed, with links leading to malicious landing pages that look identical to Microsoft's legitimate website. In particular, the attacks reported by Abnormal Security do not tend to target individuals or businesses in a specific field, as many other phishing campaigns do. Instead, the malicious emails can be sent to anyone, making the infection rate harder to control.

To evade malicious link detection tools and hide the real URL of the domain used to host the attack, the attackers use multiple URL redirects. Abnormal Security recorded at least two separate phishing attacks targeting Microsoft Teams in April alone.
In the first attack, the phishing emails contained links to a document stored on a website used by an email marketing company. The document contains one image that asks users to log in to their Teams account. When the victim clicks the image, they are redirected to a fake landing page that imitates the Microsoft Office account login page and steals their login information.
In the second campaign, the link in the email redirects the user to a page on YouTube and then redirects a few more times before reaching the credential-stealing landing page. Because Microsoft Teams is linked to Microsoft Office 365, an attacker may gain access to other data associated with the victim's Microsoft login information through single sign-on.
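The redirect chains described above defeat scanners that judge only the first URL in a message. The following Python sketch is an added example, not code from Abnormal Security or Microsoft: it resolves a recorded redirect chain and judges a "sign in to Teams" link by its final host. The hostnames under example.test, the response table and the trusted-host list are constructed assumptions.

```python
from urllib.parse import urljoin, urlsplit

# Assumption: hosts where a genuine Microsoft sign-in form is expected.
TRUSTED_LOGIN_HOSTS = {"login.microsoftonline.com", "login.live.com"}
REDIRECT_CODES = {301, 302, 303, 307, 308}

# Constructed sample data: URL -> (status, Location header), standing in
# for the HTTP responses a sandboxed fetcher would record.
SAMPLE_RESPONSES = {
    "https://mailer.example.test/doc/1": (302, "https://video.example.test/redirect?q=abc"),
    "https://video.example.test/redirect?q=abc": (302, "https://hop2.example.test/r"),
    "https://hop2.example.test/r": (301, "/next"),  # relative Location
    "https://hop2.example.test/next": (302, "https://teams-login.example.test/signin"),
    "https://teams-login.example.test/signin": (200, None),
    "https://login.microsoftonline.com/": (200, None),
}

def resolve_chain(url, responses, max_hops=10):
    """Follow Location headers and return every URL visited, in order."""
    chain = [url]
    while len(chain) <= max_hops:
        status, location = responses.get(chain[-1], (None, None))
        if status not in REDIRECT_CODES or not location:
            break
        nxt = urljoin(chain[-1], location)  # resolve relative redirects
        if nxt in chain:  # redirect loop: stop rather than spin
            break
        chain.append(nxt)
    return chain

def assess_link(url, responses):
    """Judge a 'sign in to Teams' link by where it ends, not where it starts."""
    chain = resolve_chain(url, responses)
    hosts = [urlsplit(u).hostname for u in chain]
    distinct = list(dict.fromkeys(hosts))  # order-preserving de-duplication
    findings = []
    if hosts[-1] not in TRUSTED_LOGIN_HOSTS:
        findings.append("final host is not a trusted sign-in host")
    if len(distinct) > 2:
        findings.append(f"chain crosses {len(distinct)} distinct hosts")
    return {"first_host": hosts[0], "final_host": hosts[-1],
            "hops": len(chain) - 1, "findings": findings}

if __name__ == "__main__":
    print(assess_link("https://mailer.example.test/doc/1", SAMPLE_RESPONSES))
```

In a mail pipeline the response table would come from an isolated fetcher, and the findings would feed a quarantine or warning decision rather than a hard block.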

These two campaigns most likely do not share the same origin: they differ in content and in payload delivery methods, and the sender information they use is also different.
A few days ago, another serious flaw was discovered in Microsoft Teams, allowing hackers to hijack user accounts with just a GIF file.
In general, this form of fraud has become more sophisticated in design, but it is not new in nature. Even so, it remains dangerous for ordinary users who do not have much security knowledge.