The security company Abnormal Security has identified a phishing campaign aimed at users of Microsoft Teams which aims to steal the credentials of the Office 365 ecosystem of corporate users. What Abnormal Security has found is only the latest episode in a wide range of cybersecurity threats that arose following the spread of the COVID-19 pandemic and the consequent social distancing measures that have led a great deal of the workforce worldwide to have to adopt. dynamics of smart working, with the establishment of new habits.
The security company Abnormal Security has identified a phishing campaign aimed at users of Microsoft TeamsIt would be a particularly effective attack because it is conducted in a very rigorous way, through emails and landing pages carefully created to be identical in fact to legitimate counterparts. Researchers found the use of images copied from the original ones used by Microsoft and the use of a series of recently registered URLs that try to trick the recipient of the phishing email. For example, one of the domains used contains the words SharePoint and IRS, to give the impression of authenticity and to make people believe that the email is part of the official Microsoft Teams notifications.
Microsoft Teams credentials are connected to Office 365: maximum attention!
To lead the victim to the forged login page, the attackers then put in place several instances of redirection so as to try to bypass the link detection countermeasures used by the email protection systems. In an example of an attack, an email keeps a link to a document hosted on a domain used by a well-known email marketing service provider: inside this document, there is an image that pushes the victim to log in to Microsoft Teams but once you click on the image, you are taken to a compromised page that mimics the Office 365 login page. In another example, however, the redirect is hosted on YouTube, and through two further steps, it leads to the final page that shows another bogus login.
If you fall into the trap of the attackers, your account credentials would be compromised and, since Microsoft Teams is connected to Office 365, the attackers could have access to other information and resources available with the user’s credentials.
The attack is, as mentioned, effective due to the accuracy with which the misleading materials are created, and also for the particular period, we are experiencing: with the growth of smart working practices we become a little less attentive to the requests for login, lowering your guard and raising the risk of vulnerability.
