Trending: Criminals use fake Teams Alerts to steal passwords

Table of Contents

With the explosive growth of Microsoft Teams, cybercriminals are using spoofed Teams messages to scam users.  According to researchers from Abnormal Security, criminals have been using cloned imagery and designs to make their malicious alerts look like real ones from Microsoft.   This approach makes it difficult to determine if the notification is authentic.    Cyber criminals have become skilled at not only making emails look like real notifications but also using multiple redirects to make the URL or internet address making it difficult to Spot Safe vs Unsafe Websites .

According to Bleeping Computer, The Microsoft Teams cloud collaboration platform has experienced a huge usage spike since the start of the COVID-19 pandemic, with Microsoft announcing on March 30 that the platform has reached 75 million daily active users (DAUs), with 70% increase since March 19 when it reported 44 million DAUs.

The alerts clone legitimate login pages, first bouncing users through several trusted sites (YouTube, Microsoft, etc) to hide the URL used in the phishing campaign.

If the recipient falls for the ruse, the attackers can capture the user’s credentials, using this to steal valuable information, hack deeper into organization systems, or use the mailbox as a launch pad to trick other users within the organization.

What can you do?

  • Ensure you implement MFA or Two Factor Authentication for all users
  • Warn users in your organization to be cautious and stay diligent
  • Redouble user security awareness training
  • Ensure that computers are patched with the latest software updates.  (The Microsoft Teams client was recently patched to fix a security vulnerability that allowed attackers to take over user accounts by sending them an animated GIF image.)

Need more help?      Schedule a call with an Information Security Officer at iLLÜM

At ILLÜM Advisors we believe that IT should accelerate your business, not be a problem that slows it down.

We accelerate and mature existing IT teams, by providing Leadership, Security, Project Management, and customer satisfaction, for organizations that simply cannot afford to waste time and budget

For more information schedule a free 20-minute call with iLLÜM Advisors.

Share this article with a friend

Create an account to access this functionality.
Discover the advantages