Cyber-criminals are impersonating a well-known Microsoft messaging services to steal employees’ Place of work 365 login qualifications in a newly detected attack that has strike up to 50,000 mailboxes.
The marketing campaign, uncovered by scientists at Abnormal Security, targets Workplace people with an automated concept that appears to be sent from communication tool Microsoft Teams.
“The email is sent from the exhibit title, ‘There’s new activity in Teams’, creating it surface like an automated notification from Microsoft Groups,” said scientists.
“It appears to notify the receiver that their teammates are seeking to reach them and urges the recipient to click on ‘Reply in Teams’.”
Victims who get the bait and simply click on any of the 3 one-way links incorporated in the information are directed to a malicious phishing web site the place they are asked to enter their email and password.
“The website link landing website page also seems to be convincingly like a Microsoft login web site with the commence of the URL that contains ‘microsftteams’, lending more credence,” noted researchers.
Victims who enter their qualifications risk exposing delicate facts stored on their account and supplying attackers a foothold into the company’s corporate network for much more sophisticated BEC attacks.
“Ought to recipients slide target to this attack, their login credentials as nicely as any other information and facts stored on their account will be compromised,” wrote scientists.
The attack exploits the two the instantaneous character of the conversation software and its increase in level of popularity activated by the outbreak of COVID-19.
“Mainly because Microsoft Teams is an immediate messaging company, recipients of this notification could be a lot more apt to click on on it so that they can answer quickly to regardless of what information they consider they may perhaps have skipped primarily based on the notification,” famous researchers.
Information of this new attack follows the discovery of two other equivalent strategies by Irregular Security in May 2020, in which danger actors spoofed Microsoft Groups to steal credentials.
Describing the previously campaigns, scientists mentioned: “These attackers crafted convincing e-mail that impersonate automated notification e-mails from Microsoft Groups. The landing internet pages that host both equally attacks glance equivalent to the true webpages, and the imagery utilized is copied from precise notifications and emails from this provider.”
Some pieces of this report are sourced from: