Morning Tick
  • Latest News
    • Bitcoin
    • Ethereum
    • Ripple and XRP
    • Fintech
    • Altcoins
  • Market Analysis
  • Resources
  • Contact
    • About Us
    • Press Toolkit
Facebook Twitter Instagram
Morning Tick
  • Latest News
    • Bitcoin
    • Ethereum
    • Ripple and XRP
    • Fintech
    • Altcoins
  • Market Analysis
  • Resources
  • Contact
    • About Us
    • Press Toolkit
Facebook Twitter Instagram
Morning Tick
Cybercrime

Hackers try to steal Office 365 credentials using Microsoft Teams hoax

Manas PimpalkhareBy Manas PimpalkhareUpdated:October 23, 2020 on October 23, 2020
Hackers try to steal Office 365 credentials using Microsoft Teams hoax
Image credit: Pixabay
Share
Reddit Facebook Twitter LinkedIn Pinterest WhatsApp Email

Researchers have observed a malicious fake message, which pretends to be from Microsoft Teams, enticing users to login to their Office 365 account. When they do so, the hackers obtain the credentials to these Office365 accounts. They established that this phishing campaign made its way to between 15,000 and 50,000 people. 

Microsoft Teams is popular today, thanks to the resounding “new normal” in the wake of the Covid-19 pandemic. The instant messaging service has gained popularity during this work-from-home period, making it an attractive impersonation tool. Malicious actors find it an easy target that can help them exfiltrate important credentials from users. 

Characteristically, this proactive campaign sends users a notification on Microsoft Teams which mentions a “missed chat”. Once users try to look for this chat, they are told to enter their credentials into a Ponzi site or a phishing page. By unwittingly doing so, the hackers increase their database of stolen credentials. The phishing page itself is very convincing, with relevant URLs and multimedia layouts. 

The impersonated notification is sent in the form of an automated email, holding a subject line like “There’s new activity in Teams”. Moreover, the campaign tells users that their colleagues are trying to contact them, or that they have a new task or deadline. For the uninitiated on the workings of this campaign, such messages buttress the authenticity of the scheme and make users to unknowingly leak their credentials.

Once the hackers hold a user’s Microsoft credentials, they can essentially control the account. The compromised account can then be used for a slew of illegal activities and would result in malicious theft of identity.  

User awareness is extremely important to prevent such phishing campaigns from succeeding. Importantly,  answering suspicious email correspondence is a risky activity. Moreover, companies like Microsoft, which are essentially interlinking one user’s credentials to a multitude of services, must create some security plan to ensure that impersonators do not succeed in their phishing campaigns. 

Recently, logistics giant DHL faced a similar impersonation scheme in Australia. The global presence of such hackers is harmful to large corporations which handle important data. 

Cybercrime Microsoft Security
Disclaimer
Read More Read Less
The information provided on this website shouldn’t be considered as investment, tax, legal, or trading advice. Morning Tick is not an investment advisory platform, nor do we intend to be. The publication, its’s management team, or authored-by-line doesn’t seem liable for your personal financial losses, which may be due to your panic decisions based on the content we published. We strongly recommend considering our stories as just a piece of information, unlike advice, recommendations, or requests. Some of the contents may get outdated, updated, or inaccurate despite our profound editorial policies. We urge readers to do their due diligence before making any investments decision with ongoing IDOs, ICOs, IEOs, or any other kind of financial offerings. Few outbound links may be commissioned or affiliated, which helps us grow financially and maintain healthy editorial norms. For more information, visit disclaimer page.
Share. Facebook Twitter Pinterest LinkedIn Email Reddit WhatsApp
Previous ArticleXRP-powered crypto exchange Xago updates its executive staff
Next Article Ransomware attack on Georgia county affects voter signature database
Manas Pimpalkhare
  • Twitter

Aspiring Tech Journalist, Lawyer-to-be, has a keen interest in cybercrime and disruptive tech like AI, 5G, and crypto.

Recommended Posts

Bitcoiner alerts ‘overconfident HODLers’ after losing 2.6 BTC

January 11, 2021

The 10 Biggest Data Breaches that grabbed attention in 2020

December 24, 2020

Adware is the new Malware that everyone needs to know

November 25, 2020

Donald Trump fires cybersecurity chief Chris Krebs after he debunked voter fraud theories

November 18, 2020
Add A Comment

Comments are closed.

Latest

Introducing Lucky Mystery Box, Crypto lottery based on TRON with a prize pool of 1M USDT

2 hours ago

GlobalDots joins forces with Coralogix to save companies 40-70% on full-stack observability costs, launching a debut CDN log management solution

3 weeks ago

KX.finance announces upcoming DeFi/DEX aggregator launch on APTOS/SUI blockchain

3 months ago

HyperBC Group unveils Zero interest Crypto Credit Card HyperCard, obtains Lithuanian Financial License

3 months ago

Unplugged launches its mobile App Suite to help consumers reclaim their privacy

3 months ago
Morning Tick
Facebook Twitter Instagram Pinterest RSS
  • About Us
  • Press Toolkit
  • Disclaimer
  • Contact Us
  • Privacy Policy
  • Sitemap
© 2022 Morning Tick. Disclaimer: The information provided on this website shouldn't be considered as investment, tax, legal, or trading advice.

Type above and press Enter to search. Press Esc to cancel.