Previously, we discussed how Microsoft has become the most imitated company in recent weeks. We’re now beginning to see the effects of this shift as Office 365 users come under fire from phishing attacks.
The New Wave of Microsoft Phishing Attacks
This news comes to us from Abnormal Security, which reported on this new wave of attacks. A phishing campaign has targeted 15,000-50,000 Office 365 users in a bid to steal their personal information.
The email’s design replicates that of an automated Microsoft Teams email. Abnormal Security described the attack as such:
The email is sent from the display name, ‘There’s new activity in Teams’, making it appear like an automated notification from Microsoft Teams. It appears to notify the recipient that their teammates are trying to reach them and urges the recipient to click on ‘Reply in Teams’. However, this leads to a phishing page.
The email itself actually contains several links that say they lead to specific actions within Microsoft Teams. Regardless of which one you choose, you’re directed to a fake Microsoft Teams login page.
The login page looks like the real thing and asks for your Microsoft username and password. Once you enter them, the login details are sent to the hackers who can now access your account.
Why Is Microsoft Teams Under Attack?
It may seem odd that a hacker would try so hard to get someone’s account. What are they aiming to do, join in the victim’s meetings?
The problem is that the website asks for your Microsoft account, which is tied to pretty much every Microsoft service you use—including Windows 10. As such, a Microsoft password can be pretty powerful in the hands of a hacker.
The reason why Microsoft Teams specifically is coming under attack is due to how the world is shifting after the COVID-19 pandemic. Hackers will always target the latest tech trends in order to spread their net as wide as possible. The current tech trend right now just so happens to be remote working, which is where Microsoft Teams come into the equation.
As such, it’s worth double and triple-checking every Microsoft Teams email you receive to ensure it’s not a phishing attack. The above attack directed people to a website called “microsftteams,” so double-check the URL before you log into Microsoft on the web to ensure there’s no weird elements or missing letters.
Keeping Your Digital Self Safe in a Post-COVID World
With remote working becoming a huge part of international business, scammers are riding the waves and tricking people into handing over their personal information. It’s highly likely the attacks will get worse before they get better, so be sure to stay vigilant in the coming months.
Microsoft is not the only impersonated company for phishing scams, however. There are plenty of ways a hacker can craft a COVID-related phishing campaign, and you need to know how to spot a bad email before it tricks you.
Image Credit: Orn Rin / Shutterstock.com