Security News > 2020 > October > Microsoft Teams Phishing Attack Targets Office 365 Users

Researchers are warning of a phishing campaign that pretends to be an automated message from Microsoft Teams.
The initial phishing email displays the name "There's new activity in Teams," making it appear like an automated notification from Microsoft Teams.
Researchers said that the phishing landing page also looks convincingly like a Microsoft login page with the start of the URL containing "Microsftteams." If recipients are convinced to input their Microsoft credentials into the page, they are unwittingly handing them over to attackers, who can then use them for an array of malicious purposes - including account takeover.
In May, a convincing campaign that impersonated notifications from Microsoft Teams in order to steal the Office 365 credentials of employees circulated, with two separate attacks that targeted as many as 50,000 different Teams users.
Microsoft is top of the heap when it comes to hacker impersonations - with Microsoft products and services featuring in nearly a fifth of all global brand phishing attacks in the third quarter of this year.
News URL
https://threatpost.com/microsoft-teams-phishing-office-365/160458/
Related news
- Microsoft: Hackers steal emails in device code phishing attacks (source)
- CISA tags Microsoft .NET and Apache OFBiz bugs as exploited in attacks (source)
- Critical RCE bug in Microsoft Outlook now exploited in attacks (source)
- Microsoft Identifies 3,000 Leaked ASP.NET Keys Enabling Code Injection Attacks (source)
- HPE notifies employees of data breach after Russian Office 365 hack (source)
- Microsoft Uncovers Sandworm Subgroup's Global Cyber Attacks Spanning 15+ Countries (source)
- Microsoft: Russian-Linked Hackers Using 'Device Code Phishing' to Hijack Accounts (source)
- If you dread a Microsoft Teams invite, just wait until it turns out to be a Russian phish (source)
- Darktrace: 96% of Phishing Attacks in 2024 Exploited Trusted Domains Including SharePoint & Zoom Docs (source)
- Phishing attack hides JavaScript using invisible Unicode trick (source)