A new string of email phishing attacks spoofing Microsoft Teams notifications.
Since the COVID-19 crisis started, cybercriminals have exponentially increased their malicious attacks. With people being on lockdown and working from home, the requirement for virtual meetings and video chatting apps spiked, including Microsoft Teams.
With that being said, Abnormal Security discovered a new email phishing attack aimed at stealing Office 365 users’ login credentials. The new email phishing campaign utilises cloned imagery to send pretty credible emails tailored to spoof Microsoft Teams notification messages. According to the security provider, between 15,000 and 50,000 inboxes have received emails as part of the phishing attack.
With Microsoft Teams reaching 75 million daily active users recently, tens of millions of people might be using the service for the first time. Considering the current global health crisis and the number of people using Microsoft Teams, these email phishing attacks are particularly dangerous. Especially for first time users who have no idea what types of email notifications Teams are sending out. However, even if a person is familiar with Microsoft Teams, the cloned imagery is so convincing even they could be fooled.