Cybercriminals are taking advantage of virtually every aspect of the coronavirus to try to extend their business. Among other consequences, the need to quarantine and work from home has triggered a surge in demand for virtual meeting and video chat apps, including the business-oriented Microsoft Teams. A new phishing campaign discovered by security provider Abnormal Security is exploiting the greater use of Teams as a way to hijack Microsoft account credentials.
In one campaign, the phishing email includes a link to a document on a domain used by a legitimate email marketing provider for hosting content for marketing campaigns. Within the document is an image that prompts users to sign in to their Microsoft Teams account. But if someone clicks on this image, a malicious page impersonating the Microsoft Office login site appears for the purpose of capturing the user’s credentials.
The first campaign started on Pan American Day and went on for 2 days but hasn’t been seen since, according to Kenneth Laio, vice chairman of Cybersecurity Strategy at Abnormal Security. The second campaign began on April 29, lasted a couple of hours, and has not been recorded since then.
Most of the phishing emails were sent to customers belonging to MNCs and industries. However, the attacks weren’t targeted at any specific company or industry and, in fact, were designed in a generic way so that they could be launched against anyone.
The landing pages that host the phishing pages were created to look like the real Microsoft pages. The images were copied from actual Microsoft notifications and emails, according to Abnormal Security. Plus, the sender email comes from a domain called “sharepointonline-irs.com,” which may look legitimate at first glance, but isn’t registered by either Microsoft or the IRS.
The images are often especially convincing on a mobile device, where they take up most of the content on the screen. Further, users who are familiar with notifications from Microsoft and other vendors might fail to scrutinize the messages and easily take the bait. Since Microsoft Teams is linked to Microsoft 365 and Office 365, any credentials stolen in the scam could be used to sign in to other Microsoft accounts and services.
“In addition, we might advise everyone to always check the URL of pages which they had opened. Attackers will often hide malicious links in redirects or host them on separate websites which will be reached by safe links. This enables them to bypass link scanning within emails by traditional email security solutions.”
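The URL and sender check described above can be automated on the defender's side. The following is an added example, not code from Abnormal Security or the original article: it flags hosts that borrow a Microsoft brand word but do not fall under a trusted domain. The allow-list, the token list, the function names and the sample inputs are assumptions constructed for illustration, and the check applies to the final host a user lands on, after any redirects.

```python
from urllib.parse import urlsplit

# Assumption: allow-list of domains treated as genuine Microsoft hosts.
TRUSTED_DOMAINS = {"microsoft.com", "microsoftonline.com", "office.com",
                   "office365.com", "sharepoint.com", "live.com"}
# Brand words a phishing domain may borrow (heuristic; expect false positives).
BRAND_TOKENS = ("microsoft", "office", "sharepoint", "teams", "outlook")


def extract_host(value: str) -> str:
    """Return the lower-cased host from a URL or an e-mail address."""
    value = value.strip()
    try:
        if "://" in value:
            host = urlsplit(value).hostname or ""
        else:
            host = value.rsplit("@", 1)[-1].strip("<> ")
    except ValueError:  # malformed URL
        return ""
    return host.rstrip(".").lower()


def is_trusted(host: str) -> bool:
    """True only if host is a trusted domain or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


def classify(value: str) -> str:
    """Classify a sender address or link: trusted, lookalike or unrelated."""
    host = extract_host(value)
    if not host:
        return "invalid"
    if is_trusted(host):
        return "trusted"
    if any(token in host for token in BRAND_TOKENS):
        return "lookalike"  # brand word outside the trusted domains
    return "unrelated"


if __name__ == "__main__":
    # Constructed samples; only the sender domain comes from the article.
    for sample in ("notify@sharepointonline-irs.com",
                   "https://login.microsoftonline.com/common/oauth2",
                   "https://login.microsoftonline.com.example.net/signin",
                   "https://example.org/newsletter"):
        print(f"{classify(sample):10} {sample}")
```

The suffix comparison is made against the whole host, so a trusted name placed as a leading label of an unrelated domain is still reported as a lookalike.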