Beware of Emails Impersonating ‘Microsoft Teams’ Notifications

Researchers at the email security company Abnormal Security have discovered “a multi-prong Microsoft Teams impersonation attack” involving “convincingly-crafted emails impersonating the automated notification emails from Microsoft Teams,” reports Forbes: The aim, simply to steal employee Microsoft Office 365 login credentials. To date, the researchers report that as many as 50,000 users have been subject to this attack as of May 1.

This is far from your average phishing scam, however, and comes at precisely the right time to fool already stressed and somewhat disoriented workers. Instead of the far more commonly used “sort of look-alike” alerts and notifications employed by less careful cybercriminals, this new campaign is very professional in approach. “The landing pages that host both attacks look identical to the real webpages, and the imagery used is copied from actual notifications and emails from this provider,” the researchers said. The attackers are also using newly-registered domains that are designed to fool recipients into thinking the notifications are from an official source…

As far as the credential-stealing payload is concerned, this is delivered in an equally meticulous way. With multiple URL redirects employed by the attackers, concealing the real hosting URLs, and so aiming to bypass email protection systems, the cybercriminals will eventually drive the user to the cloned Microsoft Office 365 login page.