Wednesday, April 9, 2025
Follow us On Linkedin
HomeCyber AttackBeware of Fake Microsoft Teams Notifications Aimed to Steal Employee's Passwords

Beware of Fake Microsoft Teams Notifications Aimed to Steal Employee’s Passwords

Cyber Attackcyber security

Published on

By Gurubaran
Microsoft Teams Notifications

Supply Chain Attack Prevention

SIEM as a Service

Follow Us on Google News

A new phishing campaign aimed to steal employees’ login credentials by impersonating Microsoft Teams’ notifications.

Due to this COVID-19 pandemic situation, many companies moved to full-time remote work, and attackers took advantage of it.

Fake Microsoft Teams Notifications

Attackers use crafted emails that appear to be automated notification emails coming from Microsoft Teams.

- Advertisement - Google News

Once the user clicks on the email it takes them to the fake landing that impersonates the real web pages of Microsoft Teams.

The campaign was observed by Abnormal Security, according to researchers the “sender email originates from a recently registered domain, “sharepointonline-irs.com”, which is not associated with either Microsoft or the IRS.”

Malicious Email

Attackers used numerous URL redirections to evade malicious link detection and hide the original URL used to launch the attack.

Researchers observed two such attacks that try to steal employee login credentials

  1. In one such attack, the email includes a link to a document that contains an image that urges recipients to log in with Microsoft Team, upon clicking the image it takes to the fake Microsoft Office login page.
  2. In another, a Youtube link is redirected multiple times and reaches a final webpage that impersonates a Microsoft login page.

If a recipient falls victim to the attacks, their login credentials get compromised, and attackers may gain access to Microsoft Office 365 services also. The attack targets more than 50,000 employees to steal login credentials.

Recently Group-IB Threat Intelligence group reported that “more than 150 companies’ top executives are hacked via successful targeted phishing attacks, they also got evidence regarding the corporate email account establishment of an Asia-based company.”

Last week Microsoft patched a subdomain takeover vulnerability in Microsoft Teams that affects every user who uses the Teams desktop or web browser version.

Since the lockdown was introduced remote traffic is increased, and attackers taking advantage of the situation to steal corporate resources. Stay Safe Online!!

You can follow us on LinkedinTwitter, and Facebook for daily Cybersecurity and hacking news updates.

Also, Read

Malicious App in Google Play Store Hijack SMS Message Notifications to Commit Billing Fraud

New Android Malware that Uses Chrome to Load Malicious Websites through Notifications

Fake cryptocurrency Wallets Apps on Google Play Steal User Credentials and Mimic Legitimate Wallets

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Press Release

Gcore Super Transit Brings Advanced DDoS Protection and Acceleration for Superior Enterprise Security and Speed

Gcore, the global edge AI, cloud, network, and security solutions provider, has launched Super...
CVE/vulnerability

Windows Active Directory Vulnerability Enables Unauthorized Privilege Escalation

Microsoft has urgently patched a high-risk security vulnerability (CVE-2025-29810) in Windows Active Directory Domain...
Adobe

Adobe Security Update: Patches Released for Multiple Product Vulnerabilities

Adobe has announced critical security updates for several of its popular software products, addressing...
cyber security

HollowQuill Malware Targets Government Agencies Globally Through Weaponized PDF Documents

In a disturbing escalation of cyber threats, a new malware campaign dubbed 'HollowQuill' has...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

Register Now

More like this

cyber security

HollowQuill Malware Targets Government Agencies Globally Through Weaponized PDF Documents

In a disturbing escalation of cyber threats, a new malware campaign dubbed 'HollowQuill' has...
Botnet

New Mirai Botnet Variant Exploits TVT DVRs to Gain Admin Control

GreyNoise has noted a sharp escalation in hacking attempts targeting TVT NVMS9000 Digital Video...
Cyber Attack

New Double-Edged Email Attack Steals Office 365 Credentials and Delivers Malware

Cybersecurity experts have uncovered a sophisticated phishing campaign that employs a double-edged tactic to...

GBHackers on Security is a top cybersecurity news platform, delivering up-to-date coverage on breaches, emerging threats, malware, vulnerabilities, and global cyber incidents.

Company

Trending

Categories

Copyright @ 2016 - 2025 GBHackers On Security - All Rights Reserved