A convincing cyberattack that impersonates notifications from Microsoft Teams with a purpose to steal the Office 365 credentials of workers is making the rounds, based on researchers. Two separate attacks have targeted as many as 50,000 different Teams users, based on the findings of Abnormal Security.
The information comes as the U.S. Division of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) issued a warning about Office 365 remote-work deployments.
In one, employees receive an email that accommodates a hyperlink to a document on a site utilized by an established e-mail marketing provider to host static material used for campaigns. If recipients click the hyperlink, they’ll be offered with a button asking them to log in to Microsoft Teams – if that button is clicked, they’re taken to a malicious page that impersonates the Microsoft Office login page so as to steal their credentials.
Within the second assault, the email hyperlink points to a YouTube page, from which users are redirected twice to finally land on one other Microsoft login phishing site.
Attackers can acquire access to over credentials for the specific service represented on the phishing pages.
The researchers stated that the campaigns are particularly effective on mobile, the place images take up most of the content on the screen and where it’s more difficult to vet URLs. But even on the desktop, the attacks are effectively-crafted utilizing existing official imagery and are thus quite convincing, based on the analysis.