Monday, April 28, 2025
Follow us On Linkedin
HomeCyber AttackBeware of Fake Microsoft Teams Notifications Aimed to Steal Employee's Passwords

Beware of Fake Microsoft Teams Notifications Aimed to Steal Employee’s Passwords

Cyber Attackcyber security

Published on

By Gurubaran
Microsoft Teams Notifications

Supply Chain Attack Prevention

SIEM as a Service

Follow Us on Google News

A new phishing campaign aimed to steal employees’ login credentials by impersonating Microsoft Teams’ notifications.

Due to this COVID-19 pandemic situation, many companies moved to full-time remote work, and attackers took advantage of it.

Fake Microsoft Teams Notifications

Attackers use crafted emails that appear to be automated notification emails coming from Microsoft Teams.

- Advertisement - Google News

Once the user clicks on the email it takes them to the fake landing that impersonates the real web pages of Microsoft Teams.

The campaign was observed by Abnormal Security, according to researchers the “sender email originates from a recently registered domain, “sharepointonline-irs.com”, which is not associated with either Microsoft or the IRS.”

Malicious Email

Attackers used numerous URL redirections to evade malicious link detection and hide the original URL used to launch the attack.

Researchers observed two such attacks that try to steal employee login credentials

  1. In one such attack, the email includes a link to a document that contains an image that urges recipients to log in with Microsoft Team, upon clicking the image it takes to the fake Microsoft Office login page.
  2. In another, a Youtube link is redirected multiple times and reaches a final webpage that impersonates a Microsoft login page.

If a recipient falls victim to the attacks, their login credentials get compromised, and attackers may gain access to Microsoft Office 365 services also. The attack targets more than 50,000 employees to steal login credentials.

Recently Group-IB Threat Intelligence group reported that “more than 150 companies’ top executives are hacked via successful targeted phishing attacks, they also got evidence regarding the corporate email account establishment of an Asia-based company.”

Last week Microsoft patched a subdomain takeover vulnerability in Microsoft Teams that affects every user who uses the Teams desktop or web browser version.

Since the lockdown was introduced remote traffic is increased, and attackers taking advantage of the situation to steal corporate resources. Stay Safe Online!!

You can follow us on LinkedinTwitter, and Facebook for daily Cybersecurity and hacking news updates.

Also, Read

Malicious App in Google Play Store Hijack SMS Message Notifications to Commit Billing Fraud

New Android Malware that Uses Chrome to Load Malicious Websites through Notifications

Fake cryptocurrency Wallets Apps on Google Play Steal User Credentials and Mimic Legitimate Wallets

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

cyber security

Obfuscation Techniques: A Key Weapon in the Ongoing War Between Hackers and Defenders

Obfuscation stands as a powerful weapon for attackers seeking to shield their malicious code...
CVE/vulnerability

React Router Vulnerabilities Allow Attackers to Spoof Content and Alter Values

The widely used React Router library, a critical navigation tool for React applications, has...
CVE/vulnerability

CISA Alerts Users to Security Flaws in Planet Technology Network Products

The United States Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical security...
CVE/vulnerability

New iOS Vulnerability Could Brick iPhones with Just One Line of Code

A security researcher has uncovered a critical vulnerability in iOS, Apple's flagship mobile operating...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

Register Now

More like this

cyber security

Obfuscation Techniques: A Key Weapon in the Ongoing War Between Hackers and Defenders

Obfuscation stands as a powerful weapon for attackers seeking to shield their malicious code...
cyber security

Three IXON VPN Client Vulnerabilities Let Attackers Escalate Privileges

Security researchers at Shelltrail have discovered three significant vulnerabilities in the IXON VPN client...
CISO

How To Use Digital Forensics To Strengthen Your Organization’s Cybersecurity Posture

Digital forensics has become a cornerstone of modern cybersecurity strategies, moving beyond its traditional...

GBHackers on Security is a top cybersecurity news platform, delivering up-to-date coverage on breaches, emerging threats, malware, vulnerabilities, and global cyber incidents.

Company

Trending

Categories

Copyright @ 2016 - 2025 GBHackers On Security - All Rights Reserved