Tag Archives: Phishing

Microsoft Teams phishing campaign attack on O365 Users

Reading Time: 3 minutes
Image shows capabilities of Microsoft teams- a Network of sharing files, calendar, emotions, statics, comment, and mails.

© Image inserted from Microsoft News – news.microsoft.com

 

Due to the COVID-19 situation many Governments, Organisations, and businesses transform into online communication platforms or integrate into their system and use it as a primary communication channel. Universities and academic institutions all around the world also decide for a sudden shift to online learning in a short period of time.

According to the New York Times analysis of internet usage in the US and special services that allow us to work and learn from home increasing continuously.

 

© Image Screenshot from NY Times – App popularity according to iOS App Store rankings on March 16-18. · Source: Apptopia

 

At Kozminski our main communication channel is Microsoft Teams, MS Teams is one of the products of O365, and a very popular subscription services that MS offer academic institutions among Google G Suite, Zoom for Education, and many more.

Cloud-based communication platform security is a huge threat that we as a student, employer, and user-facing threats daily, it’s clear to us there is no perfection in SaaS. Startup, Footprint, Runtime, Responsiveness, Hangs, rendering, and so many more that we use to hear as BUGS, but Security Bugs is one of the scariest to end user because makes us a vulnerable and the main target.

Abnormal Security researchers warn of a phishing campaign that pretends to be an automated message from MS teams, but actually aims to steal the credentials of O365 recipients.

Phishing is a fraudulent attempt to obtain sensitive information or data, it’s a very popular and old technique of attack. This campaign attack was sent to 15,000 – 50,000 O365 users according to researchers with Abnormal Security

“Because Microsoft Teams is an instant-messaging service, recipients of this notification might be more apt to click on it so that they can respond quickly to whatever message they think they may have missed based on the notification,” said researchers in a Thursday analysis.

The phishing Email displays the name “There’s new activity in teams”, making look like it’s an automatic notification from Microsoft Teams.

As can be seen in the picture below, the email tells the recipient that his teammates are trying to reach him, warns him that he has missed the MS Teams Chat and shows an example of a teammate chat where he is asked to submit something.

 

Email Attack: The email is sent from the display name, ‘There’s new activity in Teams’, making it appear like an automated notification from Microsoft Teams.

© Image inserted from Abnormal Security

 

It’s certain that Using 2FA or Multi-FA will make an important additional layer, low coast solution In many cases, it does stop phishing attacks from succeeding but it doesn’t mean your are immune to attacks. Also according to MS365 administration official documentation first task is to “Set up multi-factor authentication” and apply to the user as required widely within the organization and the Second task “Train your users” Also Microsoft recommended The Harvard Kennedy School Cybersecurity Campaign Handbook guidance.

In my opinion, due to rapid changes and system integration, most IT Teams can not feed their users enough information and updates, and it’s time for us as the end-user to watch tutorials to familiarises ourselves and read more informations about our daily software/tools.

And here is to learn more about how to set up 2FA on your Microsoft account Step by Step

The Image show steps, how 2FA works on clients point of view.

© Image inserted from ZUKO TECH – Two-factor authentication (2FA)

 

Resource: Abnomal Security

MS = Microsoft Teams   –   O365 = Office 365   –   2FA = Two-Factor Authentication

Tagged , , ,