Experts warn of a phishing campaign that has already reached up to 50,000 Office 365 users with a fake automated message from Microsoft Teams.

Security researchers have reported that up to 50,000 Office 365 users have been affected by a phishing campaign that poses as automated messages from Microsoft Teams. The lure uses fake chat notifications from Microsoft Teams, and the campaign aims to steal the credentials of the Office 365 recipients.

Like other collaboration and communication platforms, Microsoft Teams has become more popular since the COVID-19 pandemic, as more and more organizations have adopted remote working. As threat actors adapted their attack methods to the current situation, Abnormal Security researchers discovered that the campaign reached between 15,000 and 50,000 Office 365 users.

"This attack impersonates an automated message from Microsoft Teams in order to steal the recipient's credentials," reads a report published by Abnormal Security. The email is sent under the name "There is new activity in Teams", which makes it look like an automated notification from Microsoft Teams. It appears to tell the recipient that teammates are trying to reach them, and encourages them to click the "Reply in Teams" button. However, this leads to a phishing site.

The lure email is titled "There is new activity in Teams" to make victims believe that it is an automated notification from Microsoft Teams.

The email informs the recipient that he or she has missed a Microsoft Teams chat and shows an example of a teammate chat in which the recipient is asked to send something by next Wednesday.

The researchers believe that the campaign is not an end in itself, since the employee named in the chat rooms is not an employee of the company targeted by the attackers.

The recipient is invited to respond by clicking the "Reply in Teams" button in the message body, but this action redirects the victim to a phishing site.

"There are three links in the body of the email, which appear as 'Microsoft Teams', '(Contact) sent the message in an instant message', and 'Reply in Teams'," continues the analysis. Clicking any of them opens a fake website that pretends to be a Microsoft login page. On the phishing site the recipient is asked to enter his or her email address and password.

The phishing landing page looks like a Microsoft login page, and its URL starts with "microsft teams" so that it looks legitimate.
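A mail-filtering check for the lookalike link described above, added here as an illustration and not taken from the Abnormal Security report: it extracts the links from an HTML email body and flags hosts whose labels are a brand name or a near-misspelling of one on a domain outside an allowlist. The brand list, the allowlist, the function names and the sample hosts are assumptions made for this example.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumptions: illustrative brand labels and allowlist, not a complete inventory.
BRANDS = ("microsoft", "microsoftteams", "office365")
ALLOWED = ("microsoft.com", "office.com", "microsoftonline.com")

def edit_distance(a, b):
    """Levenshtein distance using two rolling rows."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

class LinkCollector(HTMLParser):
    """Collects href values of <a> tags in an HTML email body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def suspicious_links(html_body):
    """Return (url, reason) for links imitating a brand on a non-allowlisted host."""
    collector = LinkCollector()
    collector.feed(html_body)
    findings = []
    for url in collector.hrefs:
        host = (urlsplit(url).hostname or "").lower()
        if not host or any(host == d or host.endswith("." + d) for d in ALLOWED):
            continue
        for label in re.split(r"[.\-]", host):
            hit = next((b for b in BRANDS if edit_distance(label, b) <= 2), None)
            if hit:
                reason = "brand on unlisted domain" if label == hit else "misspelling of " + hit
                findings.append((url, reason))
                break
    return findings

# Constructed sample body: three lure links plus one genuine Teams link.
SAMPLE = """<a href="https://microsftteams.example/login">Microsoft Teams</a>
<a href="https://microsftteams.example/login">(Contact) sent a message</a>
<a href="https://microsftteams.example/login">Reply in Teams</a>
<a href="https://teams.microsoft.com/l/chat/0">Open Teams</a>"""
```

Running `suspicious_links(SAMPLE)` reports the three lure links and leaves the genuine `teams.microsoft.com` link alone.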

The attacker spoofed employee emails and also impersonated Microsoft Teams. The recipient is more likely to fall victim to an attack if they believe it comes from both their own company and a trusted brand.

Pierluigi Paganini
