Researchers have observed a malicious fake message, which pretends to be from Microsoft Teams, enticing users to log in to their Office 365 account. When they do so, the hackers obtain the credentials to these Office 365 accounts. The researchers established that this phishing campaign made its way to between 15,000 and 50,000 people.
Microsoft Teams is popular today, thanks to the “new normal” in the wake of the Covid-19 pandemic. The instant messaging service has gained popularity during this work-from-home period, making it an attractive brand to impersonate. Malicious actors find it an easy lure that can help them exfiltrate important credentials from users.
Characteristically, this campaign sends users a notification, made to look as if it comes from Microsoft Teams, which mentions a “missed chat”. Once users try to look for this chat, they are told to enter their credentials into a phishing page. By unwittingly doing so, users add to the hackers' database of stolen credentials. The phishing page itself is very convincing, with relevant URLs and multimedia layouts.
The impersonated notification is sent in the form of an automated email, with a subject line like “There’s new activity in Teams”. Moreover, the campaign tells users that their colleagues are trying to contact them, or that they have a new task or deadline. For users unfamiliar with how this campaign works, such messages buttress the authenticity of the scheme and lead them to unknowingly leak their credentials.
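A mail-triage check for the lure described above, as an added example that is not from the researchers or from Microsoft: it flags messages that use the quoted Teams phrases while the sender or any link sits outside a trusted domain list. The `TRUSTED` list, the function names and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumption: domains this organisation accepts for Teams / Office 365 links.
TRUSTED = ("microsoft.com", "office.com", "microsoftonline.com")
LURES = ("new activity in teams", "missed chat")  # phrases quoted in the article
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

def trusted(host):
    """True only for a trusted domain or a real subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

def flag_teams_lure(raw):
    """Return reasons a Teams-themed email looks impersonated ([] if none)."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    if not isinstance(body, str):  # multipart: join the undecoded text parts
        body = "\n".join(p.get_payload() for p in msg.walk()
                         if p.get_content_maintype() == "text")
    text = (msg.get("Subject", "") + "\n" + body).lower()
    if not any(phrase in text for phrase in LURES):
        return []  # not Teams-themed, out of scope for this check
    findings = []
    # The From header can be forged, so a trusted sender alone proves nothing.
    sender_host = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    if not trusted(sender_host):
        findings.append("sender domain not trusted: " + sender_host)
    for url in URL_RE.findall(body):
        host = urlsplit(url).hostname
        if not trusted(host):  # also catches microsoft.com used as a prefix
            findings.append("link host not trusted: " + str(host))
    return findings

# Constructed sample messages (not taken from the campaign).
PHISH = ("From: Teams <noreply@teams-notify.example>\n"
         "Subject: There's new activity in Teams\n\n"
         "You have a missed chat: https://teams.microsoft.com.login.example/signin\n")
LEGIT = ("From: Microsoft Teams <noreply@email.teams.microsoft.com>\n"
         "Subject: There's new activity in Teams\n\n"
         "Open https://teams.microsoft.com/l/chat\n")

if __name__ == "__main__":
    print(flag_teams_lure(PHISH))
    print(flag_teams_lure(LEGIT))
```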
Once the hackers hold a user’s Microsoft credentials, they can essentially control the account. The compromised account can then be used for a slew of illegal activities and would result in identity theft.
User awareness is extremely important to prevent such phishing campaigns from succeeding. Importantly, answering suspicious email correspondence is a risky activity. Moreover, companies like Microsoft, which are essentially interlinking one user’s credentials to a multitude of services, must create some security plan to ensure that impersonators do not succeed in their phishing campaigns.
Recently, logistics giant DHL faced a similar impersonation scheme in Australia. The global presence of such hackers is harmful to large corporations which handle important data.