Microsoft Teams Phishing attack Targets Office 365 Users (22nd October 2020)

Description

Researchers are warning of a phishing campaign that pretends to be an automated message from Microsoft Teams. The attack aims to steal Office 365 recipients’ login credentials.

Summary

Microsoft Teams is a collaboration tool which has risen in popularity among remote workforces during the pandemic. Malicious attackers impersonate this tool by using a phishing email to gain access to unsuspecting users’ accounts. The initial phishing email displays the name “There’s new activity in Teams,” which appears to be an automated notification from Microsoft Teams. Since Teams offers an instant messaging service, users who receive this notification might be inclined to click on it so they can respond to a message.

How it Works

The phishing email gets sent by attackers with the display name in the subject header. “There’s new activity in Teams,” making it appear like an automated notification from Microsoft Teams. It then notifies the user that their teammates are trying to reach them and urges the recipient to click “Reply in Teams.” This leads to a phishing page.

Within the body of the email, there are three links that function as a lure. The links are “Microsoft Teams,” “[contact] sent a message in instant messenger,” and “Reply in Teams.” Clicking on any of these links leads to a fake website that impersonates the Microsoft login page.

The user is then prompted by the fake (phishing) page to enter their email and password. The credentials (email and password) of those who fall victim to this attack will then be stolen and used to compromise their account.

It is advised for users to pay keen attention to the sending address of emails and messages. The URL to which users are redirected would be another point of focus. Do not put your credentials into unknown links nor send it to unknown addresses.

The Guyana National CIRT recommends that users and administrators review this update and apply it where necessary.

References

O'Donnell, L. (2020, October 22). Microsoft Teams Phishing Attack Targets Office 365 UsersRetrieved from Threat Post: https://threatpost.com/microsoft-teams-phishing-office-365/160458/

Zurier, S. (2020, October 22). Attackers prey on Microsoft Teams accounts to steal credentials . Retrieved from SC Magazine: https://www.scmagazine.com/home/security-news/vulnerabilities/attackers-prey-on-microsoft-teams-accounts-to-steal-credentials/