Microsoft Teams Phishing Alert
While the media has recently focused on the popular video conferencing app Zoom, Microsoft Teams has surpassed 75 million active daily users with 31 million added in the last month alone. Cybercriminals are now trying to take advantage of these new users through phishing attacks and malicious domains.
A new phishing attack is targeting Teams users by cloning Microsoft imagery to trick people into entering Microsoft 365 credentials into convincing but fake login pages, following a password reset request.
WHY THIS MATTERS
Remote work is here to stay, and cybercriminals have taken note.
31 million new Teams users are prime phishing targets, as they are unfamiliar with the service and the types of notifications it typically sends.
Unauthorized access to a Microsoft 365 account could have a devastating impact on your business.
The attacks use imagery cloned from Microsoft in their emails and landing pages that even regular Teams users might mistake for authentic.
DESCRIPTION
Microsoft Teams usage has exploded over the last month, which cybercriminals are trying to exploit. With 31 million new daily Teams users, cybercriminals are attempting to steal Microsoft 365 credentials through phishing emails and malicious domains. These attacks use cloned imagery from Microsoft that is highly convincing, even to experienced Teams users. New users are especially vulnerable because they are unfamiliar with the service and the notifications it sends, creating a higher probability of being phished.
The phishing emails ask users to reset their passwords through an included link that redirects them to a malicious website that closely resembles Microsoft's. The cloned imagery is very convincing, so Teams users should be extra cautious. Once a user follows the redirected link and enters their credentials to be reset, the criminals have open remote access to sensitive information.
TAKEAWAYS
Users must implement privacy and security measures now:
- Question and validate all password reset requests from Microsoft Teams, carefully reviewing URLs and email addresses.
- Implement Multi-Factor Authentication, which can block cybercriminals from accessing your Microsoft 365 account even if they have your login credentials.
- Update your security software and spam filters ASAP.
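The URL review in the first takeaway can be partly automated. The sketch below is an added example, not code from the original alert or from Microsoft: it pulls the links out of a message body and reports why each one fails a basic check. The trusted-domain list is an assumed, non-exhaustive allowlist, and the sample message is constructed.

```python
import re
from urllib.parse import urlsplit

# Assumption: illustrative, non-exhaustive list of Microsoft-owned domains.
TRUSTED_SUFFIXES = ("microsoft.com", "microsoftonline.com", "office.com", "live.com")
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

# Constructed sample message; the lookalike hosts use reserved example domains.
SAMPLE = """Your Teams password expires today. Reset it here:
https://login.microsoftonline.com.account-verify.example/reset
https://login.microsoftonline.com@reset.example.net/teams
http://teams.microsoft.com/l/reset
Genuine sign-in page: https://login.microsoftonline.com/common/reset."""


def check_link(url):
    """Return the reasons a link should not be trusted (empty list = passes)."""
    reasons = []
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    if parts.scheme.lower() != "https":
        reasons.append("not https")
    # "https://trusted-name@other-host/" connects to other-host, not trusted-name.
    if parts.username is not None:
        reasons.append("userinfo before '@' hides the real host")
    if any(label.startswith("xn--") for label in host.split(".")):
        reasons.append("punycode label (possible lookalike characters)")
    # Match the registered domain at the END of the host, never as a prefix.
    if not any(host == s or host.endswith("." + s) for s in TRUSTED_SUFFIXES):
        reasons.append(f"host '{host}' is not a trusted Microsoft domain")
    return reasons


def review_email(body):
    """Map each link in the message body to its list of findings."""
    links = (u.rstrip(".,;)") for u in URL_RE.findall(body))
    return {u: check_link(u) for u in links}


if __name__ == "__main__":
    for link, findings in review_email(SAMPLE).items():
        print("OK  " if not findings else "FLAG", link, findings)
```

A link that passes these checks is not proven safe; the check only catches hosts that imitate a Microsoft name without belonging to a Microsoft domain.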
CYBER INSURANCE SOLUTIONS
Cyber insurance is your go-to option when you are looking to transfer some of your residual risk (that cannot be adequately mitigated):
- Social engineering coverage, including employee education and risk mitigation services
- Ransomware or cyber extortion coverage, including ransom payments and/or data recovery
- Data breach coverage, including direct first-party losses and third-party liability and damages
- Business interruption coverage, including loss of profits and extra expenses incurred during a shutdown of your computer network
- Employee training and educational tools to help prevent attacks and protect your network/data
SOURCES
https://www.windowscentral.com/psa-convincing-phishing-attack-targeting-microsoft-teams-users
https://www.businessinsider.com/microsoft-teams-hits-75-million-daily-active-users-2020-4
https://abnormalsecurity.com/blog/abnormal-attack-stories-microsoft-teams-impersonation/