The transition to working from home due to Covid-19 has seen a surge in the dependence on cloud-based collaboration platforms. Microsoft reported the number of daily Teams users jumped from 44 million at the end of March to 75 million by the end of April. The increasing reliance on platforms such has teams has made them ideal targets for phishing attacks. This week, two separate phishing attacks have targeted 50,000 Teams users. As well as this, email spoofing has also recently resurfaced, this time taking advantage of people’s increasing dependence on email for communication.
The phishing campaign against Microsoft Teams users consisted of two attacks. In the first attack, the email contains a link to a document, if the link is clicked the recipient will be presented with a button asking them to log into Microsoft Teams. They are then taken to a spoofed Office 365 login page designed to steal credentials.
In the second attack, the email contains a malicious link which redirects the recipient to several pages (including a YouTube page) before landing on another spoofed Office 365 login page that will also harvest credentials if they’re entered.
This phishing campaign had successfully targeted approximately 50,000 users. The emails impersonated automated notification emails from Microsoft Teams, they also used images and messages from actual Teams notification emails which added to its legitimacy. Read more about how to spot a phishing email or contact your Managed IT Services provider.
Late last year, an email spoofing phishing campaign targeting Office 365 users surfaced (read more the Office 365 attack). Essentially, the attackers used a tactic called Account Take Over (ATO) to hijack a user’s Office 365 account. From there, the attacker will send emails containing malicious links and documents to unsuspecting colleagues, family and friends whilst posing as you.
This type of phishing campaign has recently resurfaced as more people are working from home and therefore relying on emails as their main point of communication for work.
Since these emails are seemingly coming from a ‘trusted sender’, they may pass through spam filters. This means you will need to be vigilant when receiving emails, no matter who it’s from.
Whilst the transition to working remotely has definitely presented its challenges, staying vigilant towards phishing campaigns is imperative. A seemingly legitimate email could potentially be a phishing attack. If you have any doubts about an email you’ve received, it’s best to be proactive and check directly with the sender by phone or contact an IT Company like Milnsbridge Managed IT Services to investigate the email.
Key Takeaways: Implementing strategic IT upgrades can significantly enhance business operations without requiring substantial investment.…
Key Takeaways: Cloud computing offers unparalleled efficiency, allowing businesses to optimise resources. It provides scalability,…
In the ever-evolving landscape of remote work, 2024 has seen remarkable advancements in technology tools…
Data Privacy Day serves as a crucial reminder of the importance of protecting personal and…
In the evolving landscape of Australian business technology, cloud platforms have emerged as a vital…
In the ever-evolving world of technology, 2024 marks a significant year for Managed IT Services.…