Security News > 2020 > May > Fake Microsoft Teams notification emails are hitting inboxes
Phishers are using fake Microsoft Teams notification emails to trick users into sharing their Microsoft Teams and Office 365 login credentials.
"Should the recipient fall victim to this attack, this user's credentials would be compromised. Additionally, since Microsoft Teams is linked to Microsoft Office 365, the attacker may have access to other information available with the user's Microsoft credentials via single-sign on," Abnormal Security warns.
The imagery in the emails is copied from actual Microsoft Teams notifications and emails, and the phishing pages to which the emails direct potential victims look identical to the legitimate Microsoft Office 365 and Microsoft Teams login pages.
Those lucky enough to notice that the pages' URLs have nothing to do with Microsoft Teams or Office might think twice about providing their login credentials.
In March 2020, Microsoft Teams had hit 44 million daily users.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/L2UxUVUOSOg/
Related news
- Microsoft shares temp fix for Outlook crashing when writing emails (source)
- Ransomware attackers are “vishing” organizations via Microsoft Teams (source)
- Ransomware gangs pose as IT support in Microsoft Teams phishing attacks (source)
- Week in review: 48k Fortinet firewalls open to attack, attackers “vishing” orgs via Microsoft Teams (source)
- Microsoft Teams phishing attack alerts coming to everyone next month (source)
- If you dread a Microsoft Teams invite, just wait until it turns out to be a Russian phish (source)
- Microsoft: Hackers steal emails in device code phishing attacks (source)