Phishing for Microsoft Teams Credentials

Phishing continues to be a pain in everyone’s rear end. This particular Phishing scam aims to rob you from your Microsoft Teams Credentials.

Since Microsoft Teams has become a favorable communication tool throughout the world of course hackers are now aiming to phish you into giving them your login information.

Abnormal Security said “Because Microsoft Teams is an instant messaging service, recipients of this notification might be more apt to click on it so that they can respond quickly to whatever message they think they may have missed based on the notification.”

What to look for

The attack impersonates an automated message from what you think would be from Microsoft Teams.
The from field would state “Theres new activity in teams”.
The message from the teammate would craft a message with a sense of urgency.
The email will have clickable URL’s and Buttons that direct you to a fake Office365 landing page for you to type in your credentials.

Result: If the victim falls to this attack, their login credentials as well as any other information stored on their account will be compromised and consist of the following.

Teams Login
Email Login
Office 365 Portal
Any websites with Usernames or passwords stored in emails
Active Directly \ Azure user account
VPN Account information
Software Integrated with AD
Entire Internal Business Network if user escalation to administrator vulnerability is not patched.

This is a very serious risk to a businesses and end users due to the convincing email and landing login page. Everyone should use their best judgment and not open anything they are not expecting. Security Awareness Training should be provided to everyone in your business. If users have the knowledge of what phishing looks like they too can keep you safe.

Patrick Domingues

See Full Bio

Cyber Attacks

October 28, 2020 Patrick Domingues

Patrick Domingues