Security News > 2020 > May > Phishing attacks spoof Microsoft Teams to steal user credentials
2020-05-01 19:43
A new phishing campaign discovered by security provider Abnormal Security is exploiting the greater use of Teams as a way to hijack Microsoft account credentials.
In a blog post published on Friday, Abnormal Security found a series of convincing emails designed to spoof notification messages from Microsoft Teams.
In another campaign, the user is redirected to a page hosted on YouTube and is then redirected twice more until reaching a Microsoft page phishing for login credentials.
The landing pages that host the phishing pages were created to look just like the real Microsoft pages.
To help organizations defend themselves and their employees from these Microsoft Teams phishing scams, Laio offers two pieces of advice.
News URL
Related news
- Phishing-as-a-Service "Rockstar 2FA" Targets Microsoft 365 Users with AiTM Attacks (source)
- Microsoft disrupts ONNX phishing-as-a-service infrastructure (source)
- Microsoft 365 outage impacts Exchange Online, Teams, Sharepoint (source)
- VPN vulnerabilities, weak credentials fuel ransomware attacks (source)
- Microsoft Fixes AI, Cloud, and ERP Security Flaws; One Exploited in Active Attacks (source)
- New Rockstar 2FA phishing service targets Microsoft 365 accounts (source)
- Nextcloud Talk: Open-source, GDPR-compliant alternative to Microsoft Teams (source)
- North Korean Kimsuky Hackers Use Russian Email Addresses for Credential Theft Attacks (source)
- GenAI makes phishing attacks more believable and cost-effective (source)
- CERT-UA Warns of Phishing Attacks Targeting Ukraine’s Defense and Security Force (source)