Between 15K and 50K Microsoft 365 users have been targeted by a sophisticated Microsoft Teams email phishing attack.
Cybercriminals are impersonating Microsoft Teams via an automated targeted email campaign aimed at stealing the recipients’ login information. Since the platform is an instant-messaging service, the recipients of this phishing email are more likely to open it in an attempt to respond quickly to whatever message they might’ve missed based on the notification.
Within the body of the email, there are three links mimicking Microsoft Teams, each one leading to a phishing landing page. Moreover, all the phishing landing pages look convincingly like a legitimate Microsoft login page. Once a recipient enters their credentials, they are harvested by the cybercriminals, who intend to use them for malicious purposes including, but not limited to, complete account takeover.
With the ongoing COVID-19 pandemic, cyberattackers' use of enterprise collaboration and conferencing platforms like Microsoft, Zoom and Skype has become quite worrisome. Furthermore, 96% of phishing attacks are delivered by email, with the average breach costing small and mid-sized businesses $3.92 million.
According to recent research, the top 10 most impersonated brands for Q1 2020 were: Apple, Netflix, Yahoo!, WhatsApp, PayPal, Chase, Facebook, Microsoft, eBay and Amazon.