Security News > 2020 > May > Phishing attacks spoof Microsoft Teams to steal user credentials
2020-05-01 19:43
A new phishing campaign discovered by security provider Abnormal Security is exploiting the greater use of Teams as a way to hijack Microsoft account credentials.
In a blog post published on Friday, Abnormal Security found a series of convincing emails designed to spoof notification messages from Microsoft Teams.
In another campaign, the user is redirected to a page hosted on YouTube and is then redirected twice more until reaching a Microsoft page phishing for login credentials.
The landing pages that host the phishing pages were created to look just like the real Microsoft pages.
To help organizations defend themselves and their employees from these Microsoft Teams phishing scams, Laio offers two pieces of advice.
News URL
Related news
- Free Sniper Dz Phishing Tools Fuel 140,000+ Cyber Attacks Targeting User Credentials (source)
- DOJ, Microsoft seize 107 domains used in Russia's Star Blizzard phishing attacks (source)
- Microsoft and DOJ disrupt Russian FSB hackers' attack infrastructure (source)
- Microsoft issues 117 patches – some for flaws already under attack (source)
- Microsoft Detects Growing Use of File Hosting Services in Business Email Compromise Attacks (source)
- GitHub, Telegram Bots, and ASCII QR Codes Abused in New Wave of Phishing Attacks (source)
- Week in review: Microsoft fixes two exploited zero-days, SOC teams are losing trust in security tools (source)
- Astaroth Banking Malware Resurfaces in Brazil via Spear-Phishing Attack (source)
- Microsoft: Ransomware Attacks Growing More Dangerous, Complex (source)
- Black Basta poses as IT support on Microsoft Teams to breach networks (source)