Notification emails impersonate Microsoft Teams to steal credentials


As the use of collaborative platforms continues to tick up as people work from home during the Covid-19 pandemic, hackers are sending fake email notifications that appear to come from Microsoft Teams in an effort to steal employee credentials.

“These attackers crafted convincing emails that impersonate automated notification emails from Microsoft Teams,” Abnormal Security researchers wrote in a blog post, noting the landing pages hosting the attacks “look identical to the real webpages, and the imagery used is copied from actual notifications and emails from this provider.”

To avoid detection, the attackers mask the host URL through multiple URL redirects. Email recipients clicking attempting to log into Teams through the URL provided are redirected a number of times, finally landing on a web page asking for Microsoft login credentials.

“Since Microsoft Teams is linked to Microsoft Office 365, the attacker may have access to other information available with the user’s Microsoft credentials via single-sign on,” the researchers said. 

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.