Wednesday, September 30, 19:28
Home security Phishing Microsoft Teams alerts target Office 365 credentials

Phishing Microsoft Teams alerts target Office 365 credentials

Microsoft Teams

An extremely convincing Phishing campaign takes place at this time. Uses the icon from automated notifications Microsoft Teams and it does attacks aimed at theft of Office 365 credentials.

The Microsoft Teams collaboration platform is very often used during the pandemic COVID-19, with Microsoft announcing on March 30 that the platform has reached them 75 million daily users (DAU) (70% increase since March 19, when it reported 44 million users).

The phishing emails who forge Microsoft Teams have reached inboxes 15.000 to 50.0000 targets, according to the company's researchers security Abnormal Security.

What makes these phishing emails even more dangerous is that users are constantly receiving notifications from various online sites. services cooperation, used to maintain contacts between partners, friends and relatives.

Cloning login pages to steal his accounts Microsoft Office 365

What makes these attacks special is the cloning of Microsoft Teams notifications.

"It simply came to our notice then actual images used by the legal provider, the recipient believes that it is a legitimate e-mail ", said the researchers. "This is especially true for mobile phones, where images take up most of the screen."

Some of the phishing emails found by the researchers alert them victims for offline audio messages and invite them to listen. Other emails say their partners are trying to get in touch with them through Microsoft Teams.

The latter also provide links to install the Teams client on iOS devices and Android.

This phishing campaign can bypass some Secure Email Gateways (SEGs) and persuade many more targets to visit Phishing page.

To avoid protection services, intruders use many redirects with the ultimate goal of hiding the URL address used to host the phishing campaign.

For example, in one of the attacks, “initially the link leads to YouTube and then redirects twice until it leads the victim to the final page that hosts the phishing Microsoft site it requests. credentials"

Office 365 phishing

In another version of these attacks, the phishing email is sent from a recently registered domain, the sharepointonline-irs [.] com, which is not related to Microsoft or the US Internal Revenue Service (IRS), although it is trying to convince the targets to the contrary.

Phishing pages also use them same graphics displayed in Microsoft Teams website notifications. Therefore, the message is very convincing.

The victims arrive at the phishing site of Office 365 and are asked to put their credentials.

"If the recipient falls victim to this attack, these credentials will be violated," the researchers explained.

"It simply came to our notice then Microsoft Teams is connected to Microsoft Office 365, the intruder may have access to other available information with the user's Microsoft credentials via single-sign-on ”.

Microsoft Teams, phishing and theft credentials

The Microsoft Teams client was recently fixed to address a vulnerability security which allowed the intruders to take control of user accounts by sending a GIF.

Hackers use a variety of ways to steal Office 365 account credentials. Therefore, users must be very careful not to put their data in links found in emails.


Please enter your comment!
Please enter your name here

Digital Fortress
Digital Fortress
Pursue Your Dreams & Live!


Vodafone Network Error: Connection Problems Detected!

Vodafone Network Error: Connection Problems Detected! Vodafone has been having problems with internet and telephone connection (internet-telephone) for some time now. According to users ...

As long as the technologies reach their EOL, the hackers are waiting

A recent outbreak of cyber attacks against web commerce sites using Magento 1 underscores the importance of having a strategy ...

Mac: How to export high quality icons from System Preferences

Sometimes, you need a high quality icon from Mac System Preferences for a project, but you can not find any ...

COVID-19 test: Approval in Europe for results in 15 minutes!

A test to detect the Covid-19 virus that gives results in 15 minutes has received the green light for disposal in ...

Gmail: How to add a signature to your emails

Google Gmail supports customizable signatures, which it attaches to every email you send. You can add your name, ...

A spy campaign targets the Indian army!

Security investigators have uncovered evidence of an ongoing espionage campaign targeting India's military (defense and armed forces), ...

Baidu: Malicious pop-up redirects traffic

Malicious pop-ups redirect the traffic of the website of the technology company Baidu, to the intruder's domain. The malicious ...

LinkedIn hacker Nikulin was eventually sentenced to 7 years in prison

A US judge on Tuesday sentenced Yevgeniy Nikulin to seven years in prison, ending an international legal drama ...

Inova Health: another victim of the Blackbaud breach

Inova Health Systems has sent letters to its patients, in order to inform them about a cyber attack, which is possible ...

Hackers distribute Exorcist 2.0 ransomware through fake software crack sites

The hackers behind the Exorcist 2.0 ransomware use a malicious advertisement, aimed at redirecting unsuspecting victims to fake ...