Tricky phishing attack targets Microsoft Teams users — here's how to protect yourself
A new phishing attack was discovered toward the end of last week that aims to steal people's Office 365 login details. The attack used cloned imagery to ship disarming emails that pretends to be Microsoft Teams notifications. Clicking on links inside the emails goes through several URL redirects to cover up the assault and ends up on a realistic faux Role 365 login page. The page asks people to log in to their Role 365 account, but actually only steals people's login details. Abnormal Security first discovered and reported on the assault.
The phishing set on is particularly dangerous because millions of people are using Microsoft Teams for the first time due to the electric current global health crisis. With Microsoft Teams reaching 75 million daily active users recently, tens of millions of people are using the service for the starting time time. As a result, many people won't be familiar with what types of notifications the service sends out. Even if someone is familiar with Microsoft Teams, the phishing attack uses cloned imagery from Microsoft that is disarming.
Aberrant Security summarizes how convincing images and URL redirects create an effective attack:
The email and landing page the attackers created were convincing. The webpages and the links the electronic mail direct to are visually identical to legitimate Microsoft Teams and Microsoft login pages. Recipients would be hard-pressed to understand that these sites were set up to misdirect and deceive them to steal their credentials.
On May ane, 2022, Abnormal Security reported that between 15,000 and 50,000 inboxes received emails as office of the phishing attack. Abnormal Security highlights that considering Microsoft Teams is linked to Office 365, a successful phishing assault on a person's Microsoft Teams business relationship could also grant access to people'due south Office 365 account. The firm states, "Additionally, since Microsoft Teams is linked to Microsoft Function 365, the attacker may take access to other information bachelor with the user's Microsoft credentials via single-sign on."
To keep yourself protected, make certain the bank check the URL and source of emails and websites. For example, i attack comes from an email attache to "sharepointonline-irs.com." That website is not affiliated with Microsoft or the IRS. Some of the other URLs used look less convincing, but you should always go on an eye out when clicking on links equally some might have URLs that seem reasonable.
Updated February 2022
Windows 11 review: The start of a new era
Microsoft is dorsum with a roaring passion to create a modern version of the Windows user experience that's simple to use, beautifully designed, and well-connected, all in an effort to make yous more productive in your professional or artistic workflows. Simply, is information technology any good?
Shooty bang bang
Where are all the guns in Dying Lite 2?
It's by design, sure, but there'due south a distinct lack of firearms in Dying Light 2. For improve or worse, modern medieval Villedor is a place to build your own weapons. But what happened to the guns and ammo and might it ever make a comeback?
Source: https://www.windowscentral.com/psa-convincing-phishing-attack-targeting-microsoft-teams-users
Posted by: brittfecid1988.blogspot.com
0 Response to "Tricky phishing attack targets Microsoft Teams users — here's how to protect yourself"
Post a Comment