Security News > 2020 > May > Microsoft Teams Impersonation Attacks Flood Inboxes
Two separate attacks have targeted as many as 50,000 different Teams users, according to findings from Abnormal Security.
If recipients click the link, they'll be presented with a button asking them to log in to Microsoft Teams. If that button is clicked, they're taken to a malicious page that impersonates the Microsoft Office login page in order to steal their credentials.
Attackers can gain access to more than credentials for the specific service represented on the phishing pages, warned Abnormal Security: "Since Microsoft Teams is linked to Microsoft Office 365, the attacker may have access to other information available with the user's Microsoft credentials via single-sign on."
Earlier this week, Microsoft fixed a subdomain takeover vulnerability in Teams that could have allowed an inside attacker to weaponize a single GIF image and use it to pilfer data from targeted systems and take over all of an organization's Teams accounts.
"Unfortunately, malicious actors are very good at exploiting chaos and confusion. The transition to remote work has created a fertile environment for attacks on all forms of communication and collaboration to infiltrate Office 365 and Teams environments. That's why it's critical for enterprises to be able to monitor and detect threats in both email and Teams environments."
News URL
https://threatpost.com/microsoft-teams-impersonation-attacks/155404/