A new email phishing attack mimics Microsoft Teams notification messages targeting between 15,000 and 50,000 inboxes. The U.K. National Cyber Security Centre (NCSC) received public reports of over 160,000 suspicious emails only two weeks after the launch of its suspicious email reporting service.
“There’s no conceivable system that can stop 1 person in 100 opening a phishing email and that can be all it takes.” – Ciaran Martin, CEO of NCSC
In this article, we’ll cover the following email industry news:
- A new string of email phishing attacks spoofing Microsoft Teams notifications
- Over 160,000 suspicious emails were flagged by the U.K. public
Ready to dive in?
Email Phishing Attacks Tailored To Look Like Microsoft Teams Notifications
Since the COVID-19 crisis started, cybercriminals have exponentially increased their malicious attacks. With people being on lockdown and working from home, the requirement for virtual meetings and video chatting apps spiked, including Microsoft Teams.
With that being said, Abnormal Security discovered a new email phishing attack aimed at stealing Office 365 users’ login credentials. The new email phishing campaign utilises cloned imagery to send pretty credible emails tailored to spoof Microsoft Teams notification messages. According to the security provider, between 15,000 and 50,000 inboxes have received emails as part of the phishing attack.
With Microsoft Teams reaching 75 million daily active users recently, tens of millions of people might be using the service for the first time. Considering the current global health crisis and the number of people using Microsoft Teams, these email phishing attacks are particularly dangerous. Especially for first time users who have no idea what types of email notifications Teams are sending out. However, even if a person is familiar with Microsoft Teams, the cloned imagery is so convincing even they could be fooled.
The NCSC Received Reports Of Over 160K Suspicious Emails
Last month, the U.K. National Cyber Security Centre – a part of the Government Communications Headquarters (GCHQ) – launched its Suspicious Email Reporting Service which focuses on tracking and closing down fraudulent websites by utilising the public and relying on their ‘tip-offs’ or forwarding of suspicious emails.
After initially receiving over 5,000 complaints about suspicious emails (and that’s on the first day the service was launched), just two weeks later that number has increased to over 160,000 suspicious emails which led to the take-down of over 300 phishing and scam websites, making a significant dent in COVID-19-related online fraud.
Public reports, received by the NCSC, spiked exponentially after the service was promoted on the Martin Lewis Money Show. That ‘shout out’ to the British public combined with the further hype about the service in the MoneySavingExpert’s newsletter and social media channels led to the NCSC receiving over tens of thousands more suspicious email reports.
The NCSC’s Chief Executive Ciaran Martin’s response was –
“This really is a phenomenal response from the British public. I would like to thank them for embracing our reporting service. As well as the many organisations which have promoted it. I would urge people to remain vigilant and to forward suspicious emails to us. If it looks too good to be true, it probably is.”
We strongly urge you to report and forward any suspicious emails to firstname.lastname@example.org.
Do you have any suggestions or ideas about which email industry news topics you’d like us to look out for in the future? Write your requests below. We’ll keep an eye out (or two) so you don’t have to – and all for FREE, of course.
In the meantime, you can take a look at our email marketing blog for useful email advice, tips and tricks. Last, but certainly not least, we’ll keep you up-to-date with the most recent social media news, search engine news, PPC & Ads news as well as other digital marketing news we found interesting.