Security News > 2020 > May > Phishing attacks spoof Microsoft Teams to steal user credentials
2020-05-01 19:43
A new phishing campaign discovered by security provider Abnormal Security is exploiting the greater use of Teams as a way to hijack Microsoft account credentials.
In a blog post published on Friday, Abnormal Security found a series of convincing emails designed to spoof notification messages from Microsoft Teams.
In another campaign, the user is redirected to a page hosted on YouTube and is then redirected twice more until reaching a Microsoft page phishing for login credentials.
The landing pages that host the phishing pages were created to look just like the real Microsoft pages.
To help organizations defend themselves and their employees from these Microsoft Teams phishing scams, Laio offers two pieces of advice.
News URL
Related news
- Ransomware gangs pose as IT support in Microsoft Teams phishing attacks (source)
- Microsoft Teams phishing attack alerts coming to everyone next month (source)
- Week in review: 48k Fortinet firewalls open to attack, attackers “vishing” orgs via Microsoft Teams (source)
- Microsoft: Hackers steal emails in device code phishing attacks (source)
- Criminal IP: Bringing Real-Time Phishing Detection to Microsoft Outlook (source)
- Hackers use FastHTTP in new high-speed Microsoft 365 password attacks (source)
- Microsoft fixes under-attack privilege-escalation holes in Hyper-V (source)
- New 'Sneaky 2FA' Phishing Kit Targets Microsoft 365 Accounts with 2FA Code Bypass (source)
- Ransomware attackers are “vishing” organizations via Microsoft Teams (source)
- Clone2Leak attacks exploit Git flaws to steal credentials (source)