The coronavirus 2019 pandemic (COVID-19) has seen many governments around the world enforcing lockdowns that, among other restrictions, are forcing people to work remotely from home. As a result, online meeting tools such as Zoom, Skype, BlueJeans, Microsoft Teams, and others have grown in popularity
With this growth in usage has come some cybersecurity problems. Cybersecurity researchers at Abnormal Security have reported the discovery of a phishing attack which targets Microsoft Teams users with the aim of stealing their passwords.
"These attackers crafted convincing emails that impersonate automated notification emails from Microsoft Teams. The landing pages that host both attacks look identical to the real webpages, and the imagery used is copied from actual notifications and emails from this provider. In one of the attacks, the sender email originates from a recently registered domain, sharepointonline-irs[.]com," which is not associated to either Microsoft or the IRS."
Security problems with Microsoft Teams
This new phishing alert comes not too long after it was revealed that Microsoft Teams users were possibly exposed to a malicious GIF that could be used to steal account data. The company has since patched this vulnerability.
It's important however to note that in the case of this newly discovered phishing attack, Microsoft Teams is not at fault or vulnerable.
"The email and landing page the attackers created were convincing. The webpages and the links the email direct to are visually identical to legitimate Microsoft Teams and Microsoft login pages. Recipients would be hard-pressed to understand that these sites were set up to misdirect and deceive them to steal their credentials."
Be vigilant when clicking on links in e-mails
As it is with any phishing attack, it is important that users pay attention and be vigilant when clicking on links in e-mails to ensure they are not being tricked into disclosing their credentials and passwords.
"Should the recipient fall victim to this attack, this user’s credentials would be compromised. Additionally, since Microsoft Teams is linked to Microsoft Office 365, the attacker may have access to other information available with the user’s Microsoft credentials via single-sign on," warned the Abnormal Security researchers.Share this article via: