Fake Microsoft teams’ notification is a new phishing campaign launch to steal workers’ login details by imitating notifications from Microsoft teams. This is due to the recent COVID-19 Virus attack which made several companies operate remotely full time. Thereby giving way for hackers to have a field day.
Fake Microsoft teams’ notifications
Hackers are using fake emails that look like automated notification emails from Microsoft teams. When once a victim clicks on the emails, the victim will land on the imitated WebPages of Microsoft teams. Abnormal security noticed this campaign in which researchers found out that the sender email came from a recently registered domain. The domain is sharepointonline-irs.com, which has nothing to do with either IRS or Microsoft.
What these dubious attackers do is to use various URL redirections to avoid malicious link detection by hiding the real URL they use for attacking. The two outstanding ways that hackers used to steal employee login details according to researchers are:
1 one way is that email has a link to a document that includes an image which will instruct receivers to login with Microsoft team ,when image is clicked then one is taken to the fake Microsoft fake Microsoft login page.
2 Another one is a YouTube link that will be redirected to multiple times and gets to a final webpage that looks like Microsoft login page.
With this, a recipient that falls a victim will get his or her login details compromised. And the attackers will have free access to the Microsoft office 356 services. These hackers’ targets approximately 50,000 workers login details to steal.
The unfortunate thing is that this lockdown has brought more attackers to steal corporate resources. This is due to the influx of remote traffic as people must now work from home.