Security News > 2020 > May > Fake Microsoft Teams notification emails are hitting inboxes
Phishers are using fake Microsoft Teams notification emails to trick users into sharing their Microsoft Teams and Office 365 login credentials.
"Should the recipient fall victim to this attack, this user's credentials would be compromised. Additionally, since Microsoft Teams is linked to Microsoft Office 365, the attacker may have access to other information available with the user's Microsoft credentials via single-sign on," Abnormal Security warns.
The imagery in the emails is copied from actual Microsoft Teams notifications and emails, and the phishing pages to which the emails direct potential victims look identical to the legitimate Microsoft Office 365 and Microsoft Teams login pages.
Those lucky enough to notice that the pages' URLs have nothing to do with Microsoft Teams or Office might think twice about providing their login credentials.
In March 2020, Microsoft Teams had hit 44 million daily users.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/L2UxUVUOSOg/
Related news
- Microsoft fixes Outlook email sending issue for users with many folders (source)
- Over 5,000 Fake Microsoft Notifications Fueling Email Compromise Campaigns (source)
- Microsoft Detects Growing Use of File Hosting Services in Business Email Compromise Attacks (source)
- Microsoft Outlook bug blocks email logins, causes app crashes (source)
- Week in review: Microsoft fixes two exploited zero-days, SOC teams are losing trust in security tools (source)
- Black Basta poses as IT support on Microsoft Teams to breach networks (source)
- Black Basta ransomware poses as IT support on Microsoft Teams to breach networks (source)
- Black Basta operators phish employees via Microsoft Teams (source)
- Week in review: Windows Themes spoofing bug “returns”, employees phished via Microsoft Teams (source)
- Microsoft Exchange adds warning to emails abusing spoofing flaw (source)