With the ever-increasing use of collaboration applications, the likelihood of falling prey to phishing attacks has increased. Microsoft’s famous collaboration tool, Microsoft Teams has recently witnessed a massive surge in a number of daily active users — from 44 million daily active users to 75 million in just a month.
The massive increase in the number of daily active users now seems to have made Microsoft Teams users all the more vulnerable to attacks. According to Abnormal Security, a security research firm, cybercriminals are using emails, which are designed to spoof notification messages from Microsoft Teams, containing a link to a document, clicking on which is taking Teams users to a malicious web page impersonating Microsoft Office login page, thus making it easier for the cybercriminals to steal users’ Microsoft account credentials (via Tweaktown).
Another way that the attackers are following is, users are taken to a YouTube page that, in turn, redirects users to a fake Microsoft page.
Attackers are not sending the same URL to every target so that they can evade the link filter used by security products as well as conceal the actual URL.
According to the researchers at Abnormal Security, the phishing campaign was started on April 14 and lasted for only days. The second campaign began on April 29 and lasted for only a few hours. The phishing campaign targeted a variety of businesses ranging from energy to hospitality industries.