Attackers prey on Microsoft Teams accounts to steal credentials

A new phishing attack impersonates an automatic communications message from Microsoft Groups to steal a company user’s login qualifications.

Abnormal Security, which disclosed the attack technique these days in a blog, maintains that Microsoft Teams has develop into a well known interaction tool, specially all through the pandemic, producing it an beautiful model for attackers to impersonate.

Here’s how the attack operates: The email gets sent from the display identify in the subject matter header, “There’s new activity in Teams,” making it seem like an automated notification from Microsoft Teams. It then notifies the user that their teammates are seeking to arrive at them and urges the recipient to click “Reply in Teams.” This potential customers to a phishing web page. 

Within just the body of the email, there are 3 back links that functionality as a lure. They say “Microsoft Groups,” “

Name: Please enter at least 2 characters

Email: Please enter a valid email

Subject: Please enter at least 2 characters

Enter number 623: Please enter the correct number

Message: Please enter at least 10 characters

I consent to having this website collect my personal data via this form.

Submit

despatched a information in fast messenger,” and “Reply in Groups.” Clicking on any of these sales opportunities to a pretend website that impersonates the Microsoft login web site.

The phishing web site then asks the consumer to enter their email and password. Should recipients drop sufferer to this attack, their login credentials as effectively as any other info saved on their account will be compromised. The attacker spoofed staff emails and also impersonated Microsoft Teams.

In accordance to the Irregular Security site, corporate people are additional most likely to fall prey to this form of attack when they think it originates from in the company and also from a reliable brand name like Microsoft Groups.

And because Microsoft Teams also capabilities as an immediate messaging service, end users are a lot more apt to click to react promptly to whichever message they think they could have been missed, based on the notification. The link landing site also seems convincingly like a Microsoft login site with the start of the URL containing “microsftteams,” lending further more credibility.

This is not the very first time Teams has been targeted. Irregular Security claimed a similar system in Could.

Some sections of this report are sourced from:
www.scmagazine.com