Security News > 2020 > May > Phishing attacks spoof Microsoft Teams to steal user credentials
2020-05-01 19:43
A new phishing campaign discovered by security provider Abnormal Security is exploiting the greater use of Teams as a way to hijack Microsoft account credentials.
In a blog post published on Friday, Abnormal Security found a series of convincing emails designed to spoof notification messages from Microsoft Teams.
In another campaign, the user is redirected to a page hosted on YouTube and is then redirected twice more until reaching a Microsoft page phishing for login credentials.
The landing pages that host the phishing pages were created to look just like the real Microsoft pages.
To help organizations defend themselves and their employees from these Microsoft Teams phishing scams, Laio offers two pieces of advice.
News URL
Related news
- Darktrace: 96% of Phishing Attacks in 2024 Exploited Trusted Domains Including SharePoint & Zoom Docs (source)
- Phishing attack hides JavaScript using invisible Unicode trick (source)
- Microsoft's End of Support for Exchange 2016 and 2019: What IT Teams Must Do Now (source)
- Microsoft fixes Power Pages zero-day bug exploited in attacks (source)
- Botnet targets Basic Auth in Microsoft 365 password spray attacks (source)
- FatalRAT Phishing Attacks Target APAC Industries Using Chinese Cloud Services (source)
- Microsoft names alleged credential-snatching 'Azure Abuse Enterprise' operators (source)
- Hackers Exploit AWS Misconfigurations to Launch Phishing Attacks via SES and WorkMail (source)
- New ClickFix attack deploys Havoc C2 via Microsoft Sharepoint (source)
- New Microsoft 365 outage impacts Teams, causes call failures (source)