Phishers are using fake Microsoft Teams notification emails to trick users into sharing their Microsoft Teams and Office 365 login credentials.
“Should the recipient fall victim to this attack, this user’s credentials would be compromised. Additionally, since Microsoft Teams is linked to Microsoft Office 365, the attacker may have access to other information available with the user’s Microsoft credentials via single sign-on,” Abnormal Security warns.
The email phishing campaigns
The company has spotted two slightly different campaigns, both consisting of fake Microsoft Teams notification emails.
“Given the current situation, people have become accustomed to notifications and invitations from collaboration software providers. Because of this, recipients might not look further to investigate the message,” they noted.
The imagery in the emails is copied from actual Microsoft Teams notifications and emails, and the phishing pages to which the emails direct potential victims look identical to the legitimate Microsoft Office 365 and Microsoft Teams login pages.
Those lucky enough to notice that the pages’ URLs have nothing to do with Microsoft Teams or Office might think twice about providing their login credentials.
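The URL mismatch described above can also be checked mechanically at the mail gateway or during triage. The following is an added example, not code from Abnormal Security or from the original article: it flags links in a Teams-branded HTML email whose host is not under a Microsoft domain. The domain allowlist, the function names and the sample message are assumptions constructed for illustration.

```python
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: illustrative, incomplete allowlist of Microsoft-owned domains.
TRUSTED = ("microsoft.com", "microsoftonline.com", "office.com", "office365.com")

# Constructed sample message (reserved .example hosts), not taken from a real campaign.
SAMPLE = (
    "From: Teams <noreply@notify.example>\n"
    "Subject: Your teammates are trying to reach you in Microsoft Teams\n"
    "Content-Type: text/html; charset=utf-8\n"
    "\n"
    '<a href="https://teams.microsoft.com/l/chat/0">Open</a>'
    '<a href="https://teams.microsoft.com.signin.example/auth">Reply in Teams</a>'
    '<a href="https://login.microsoftonline.com@sso.example.net/">Sign in</a>'
)

class _Links(HTMLParser):
    """Collect the href of every <a> tag in the HTML body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href") if tag == "a" else None
        if href:
            self.hrefs.append(href)

def is_trusted(url):
    # .hostname drops any "user@" prefix, so a trusted name placed before
    # "@" does not count; suffix matching is done on a label boundary.
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

def untrusted_teams_links(raw):
    """Return links in a Teams-branded email that leave the trusted domains."""
    msg = message_from_string(raw)
    html = ""
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            body = part.get_payload(decode=True)
            html += body.decode(part.get_content_charset() or "utf-8", "replace")
    if "microsoft teams" not in (str(msg.get("Subject", "")) + html).lower():
        return []  # not presented as a Teams notification; out of scope here
    parser = _Links()
    parser.feed(html)
    return [u for u in parser.hrefs
            if urlsplit(u).scheme in ("http", "https") and not is_trusted(u)]
```

Calling `untrusted_teams_links(SAMPLE)` returns the two lookalike links and leaves the genuine `teams.microsoft.com` link alone.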
A massive user base makes for a great target
In March 2020, Microsoft Teams hit 44 million daily users. In April 2020, during the company’s earnings conference call, Microsoft CEO Satya Nadella said that the number had surpassed 75 million, fueled by companies’ need to keep in (video) touch with employees working from home due to the COVID-19 pandemic.
Just as criminals go where the money is, phishers go where the majority of users are – and a user base of 75+ million active users is a very big pond for them to go phishing in.