Security News > 2020 > May > Microsoft Teams Impersonation Attacks Flood Inboxes

Two separate attacks have targeted as many as 50,000 different Teams users, according to findings from Abnormal Security.

If recipients click the link, they'll be presented with a button asking them to log in to Microsoft Teams - if that button is clicked, they're taken to a malicious page which impersonates the Microsoft Office login page in order to steal their credentials.

Attackers can gain access to more than credentials for the specific service represented on the phishing pages, warned Abnormal Security: "Since Microsoft Teams is linked to Microsoft Office 365, the attacker may have access to other information available with the user's Microsoft credentials via single-sign on."

Earlier this week, Microsoft fixed a subdomain takeover vulnerability in Teams that could have allowed an inside attacker to weaponize a single GIF image and use it to pilfer data from targeted systems and take over all of an organization's Teams accounts.

"Unfortunately, malicious actors are very good at exploiting chaos and confusion. The transition to remote work has created a fertile environment for attacks on all forms of communication and collaboration to infiltrate Office 365 and Teams environments. That's why it's critical for enterprises to be able to monitor and detect threats in both email and Teams environments."

News URL

https://threatpost.com/microsoft-teams-impersonation-attacks/155404/