Jump to content
Search In
  • More options...
Find results that contain...
Find results in...
  • Jimi Wikman
    Jimi Wikman

    Microsoft Teams Impersonation Attacks flood inboxes to Phish for Credentials

    • Angry 1
       (0 reviews)

    In the wake of Covid-19 and the increased need for communication for people working from home it comes as no surprise that Microsoft Teams are targeted by malicious people. This week we see both CISA and Abnormal security reporting on targeted phishing campaigns that have affected more than 50.000 users so far.

    With so many starting to work from home due to the Covid-19 situation invites to different Microsoft Teams are very common. This is something that malicious people have started to take advantage of. Since many organizations are still a bit new to the situation of many employees working from home, this also mean that security is not always up to par with the situation.

    Quote

    “CISA continues to see instances where entities are not implementing best security practices in regard to their O365 implementation, resulting in increased vulnerability to adversary attacks”
    - U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA)

    The tactic is rather simple, but sadly also effective. One example is that a mail that seems legit are sent out with a link to a document on a Microsoft Team. If the link is clicked the user is asked to login and if that button is clicked, they’re taken to a malicious page which convincingly impersonates the Microsoft Office login page in order to steal their credentials

    Another example include an email link that points to a YouTube page.  From there the users are redirected twice to finally land on another Microsoft Office login phishing site which convincingly impersonates the Microsoft Office login page.

    Quote

    "In this attack, attackers are impersonating a notification from Microsoft Teams in order to steal the credentials of employees. Microsoft Teams has seen one of the largest increase in users as a result of the shift to remote work in response to the current COVID-19 pandemic."
    - Abnormal Security

    This is even more effective on mobile according to the articles. This is because the images take up most of the space and because domain links are more difficult to see and therefore identify.  These phishing attempts are however very convincing even on desktop, which makes it more likely that someone will get caught in the phishers net.

    As Microsoft Teams are integrated with Office 365 single sign on it means that if compromised the phisher will have access to other, possibly much more damaging, areas.  This is not the only issues facing office 365 users however and Sway got a bit of heat earlier this week as well.

    Microsoft is not being idle however and this week they patched a nasty subdomain takeover vulnerability in Teams that could have allowed an inside attacker to weaponize a single GIF image and use it to pilfer data from targeted systems and take over all of an organization’s Teams accounts.

    As always, be careful with email links and make sure you vet the urls carefully before submitting any user information online.


    • Angry 1


    User Feedback

    Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.

    Guest

  • Similar Content

    • By ©Jimi Wikman
      Let's have a first look at the new Tasks in Teams app. This app allows you to manage all your tasks that are currently in To-Do and Planner all in one place within the Microsoft Teams app.
    • By ©Jimi Wikman
      In this step-by-step tutorial video, learn how to annotate your screen while screen sharing in Microsoft Teams. In this tutorial, I walk through how to both get and use the ZoomIt tool to annotate your screen while screen sharing in Teams. With annotations, you can draw, insert shapes, insert text, and zoom on your screen while presenting to help your audience follow along more easily.
      Free Annotation Tools:
      Zoom it (Recommended): https://docs.microsoft.com/en-us/sysinternals/downloads/zoomit DemoHelper:  https://tools.stefankueng.com/DemoHelper.html Freemium Annotation Tools:
      Epic Pen: https://epic-pen.com/ Paid Annotation Tools:
      Presentation Assistant: http://www.presentation-assistant.com/index.htm Presentation Marker: http://www.goldgingko.com/screen-marker/ Ink2Go: http://ink2go.org/ HeyeLighter:  http://www.aureosoft.com/heyelighter.html
    • By ©Jimi Wikman
      Hello guys! Today you will learn to design a creative gradient resume in MS word (Most Requested Tutorial).
    • By ©Jimi Wikman
      In this step-by-step tutorial, learn how you can create reminders and tasks from messages in channels and chats in Microsoft Teams.
      0:00 Introduction 1:19 Save channel conversations for later access 3:31 Pin chats for later access 4:09 Install task reminder bot 6:17 Add reminder for channel task 6:58 Add reminder for chat task 7:20 View all reminders 8:13 Add individual reminder 9:02 Add recurring reminder 9:34 Add reminder bot to channel or group chat 11:49 Remove reminder bot 12:36 Wrap up
    • By ©Jimi Wikman
      In this step-by-step tutorial, learn how to best present Microsoft PowerPoint slides in Microsoft Teams.
      0:00 Introduction 1:58 Example of the problem 3:00 Solution 1 - Upload slides into Microsoft Teams 5:50 Solution 2 - Present in Windowed mode in Microsoft PowerPoint 7:56 Wrap up
×
×
  • Create New...