Cyber Threat Alert

Microsoft Teams Phishing Alert

While the media has recently focused on the popular video conferencing app Zoom, Microsoft Teams has surpassed 75 million active daily users with 31 million added in the last month alone. Cybercriminals are now trying to take advantage of these new users through phishing attacks and malicious domains.  

A new phishing attack is targeting Teams users by cloning Microsoft imagery to trick people into entering Microsoft 365 credentials into convincing but fake login pages, following a password reset request. 


Remote work is here to stay, and cybercriminals have taken note.   

31 million new Teams users are prime phishing targets, as they are unfamiliar with service and the types of notifications typically sent.  

Unauthorized access to a Microsoft 365 account could have devastating impact to your business.   

The attacks use imagery cloned from Microsoft in their emails and landing pages that regular Teams users might even mistake as authentic.  


Microsoft Teams usage has exploded over that last month, which cybercriminals are trying to exploit. With 31 million new daily Teams users, cybercriminals are attempting to steal Microsoft 365 credentials through phishing emails and malicious domains. These attacks are using cloned imagery from Microsoft that is highly convincing, even to experienced Teams users. New users are specifically vulnerable as they are unfamiliar with the service and the notifications sent, creating a higher probability of being phished.  

The phishing emails will ask users to reset their passwords with an included link that re-directs them to a malicious website that highly resembles Microsoft. The cloned imagery is very convincing so Teams users should be extra cautious. Once a user clicks on the re-directed link and enters their credentials to be reset, the criminals have open access to remotely access sensitive information.     


Users must implement privacy and security measures now:  

  • Question and validate all password reset requests from Microsoft Teams, carefully reviewing URL’s and email addresses 
  • Implement Multi-Factor Authentication which can block cybercriminal from accessing your Microsoft 365 account, even if they have your login credentials.  
  • Update your security software and spam filters ASAP.  


Cyber insurance is your go-to option when you are looking to transfer some of your residual risk (that cannot be adequately mitigated): 

  • Social engineering coverage, including employee education and risk mitigation services 
  • Ransomware or cyber extortion coverage, including ransom payments and/or data recovery 
  • Data breach coverage, including direct first-party losses and third-party liability and damages 
  • Business interruption coverage, including loss of profits and extra expenses incurred during a shutdown of your computer network. 
  • Employee training and educational tools to help prevent attacks and protect your network/data 


This article is made available for informational purposes and is not intended to be a substitute for professional or legal advice. No attorney client relationship is formed or implied between you and the authors(s) or Cyber Armada Insurance.
Cyber Armada Team
Posted by Cyber Armada Team on May 13, 2020 2:00:40 PM

Apply for Cyber Insurance Online

Answer a few questions online and Cyber Armada will design a cyber insurance policy tailored to your particular needs.

Apply Online
Apply for Cyber Insurance
Schedule an appointment with Cyber Armada

Can we talk?

We're ready to talk when you are. You can schedule an appointment to speak with a representative from Cyber Armada when it is most convenient for you. Whenever possible we use online meetings to increase productivity and increase the amount of time we can spend with you. We use Zoom Meetings as our preferred video conferencing platform.

Schedule Appointment