MS Teams Phishing Attack Steals Office 365 Credentials

Your Office 365 Credentials Are Vulnerable To This MS Teams Phishing Attack

( 2 min read )

It is time you should probably review the safety of your Office 365 credentials. Recently, Microsoft Teams was targeted for a phishing attack. As many as 50,000 Office 365 users are vulnerable. As we see a rise in work from home culture, the use of Microsoft Teams for remote working collaboration has increased. Read further to understand how this password theft attempt is being carried out.

Microsoft Teams Notifications Misused

Security researchers warn O365 users of a phishing attempt that may be coming their way. In this phishing attack, victims receive a notification from MS Teams. The notification alerts the user of a ‘missed chat’. Teams being an Instant messaging app, this phishing attack is predicted to have a large success rate. Office 365 users are relying more and more on Microsoft’s collaboration tools to get their work done. A message like this is likely to cause some alarm, provoking the victims to click on the notification. This is one of those instances where fraudsters are sending out their phishing baits in bulk, hoping for a big click-thru rate. Researchers state that the victim pool lies in the range of 15,000 users to 50,000 users.

How are they planning to snatch your Office 365 credentials?

Microsoft Teams has always had a ‘push notification’ kind of mechanism where it alerts you to new activity in Teams through the email id you have linked with it. This is one way it tries to make sure you don’t miss any urgent activity if you’re away from MS Teams for a while.

The phishing email also mimics the same format. The headline of the mail is ‘There’s new activity in Teams’, similar to actual mails. The body of the mail is also matched to authentic mails from MS Teams. It says ‘Your team members are trying to reach you.’ There’s a button included which says ‘Reply in Teams’. Any user of Teams will easily get tricked. However, the name of the person trying to reach you won’t be of someone in your organization. But because Teams also allows ‘External’ chats with members outside of your organization, users will be tempted to click through.

Snapshot of the MS Teams Phishing Email

The Reply button, and two other links in the email – ‘Microsoft Teams’, and ‘<abc> person sent you a message’ – are all spoofed. They take the victim to a phishing page, which impersonates the Microsoft login page. When victims type in their details, the hacker gets their O365 login credentials. The fraudster can then misuse the credentials for further damage, including a full-blown account takeover attempt.

What can you do to protect your Office 365?

Logix is a Microsoft Gold Partner, one of the few in India. In that capacity, we have the choice of complimenting Microsoft’s original offerings with our own services. Having been in the security industry for more 20+ years, we understand how important it is to protect email from phishing attempts. That’s why we have O365 + Email Advanced Threat Protection security offerings that give you a complete messaging and collaboration tool along with top-notch security.

Get total security.

Leave a Reply

Your email address will not be published. Required fields are marked *