Cloud-based office productivity solutions, including Microsoft 365 (formerly Office 365), enable remote workers to communicate, collaborate, and work from anywhere. Unfortunately, cybercriminals are using these productivity apps to breach organizational networks. One of the attacks currently making the rounds is a phishing scheme that leverages the automated notifications that Microsoft apps send to employees whenever they’re mentioned in a group chat or a document.
Microsoft Teams Phishing Scheme
SC Magazine reports on a phishing scheme targeted at users of Microsoft Teams, a group communication and chat tool. Employees receive an email with the subject header, “There’s new activity in Teams.” The body of the email notifies them that their co-workers are trying to reach them and contains three hyperlinks: “Microsoft Teams,” “[contact] sent a message in instant messenger,” and “Reply in Teams.”
The email is designed to look like legitimate communication from Microsoft, the type that remote employees receive all day long. If the employee clicks on any of the links, they’re taken to a phishing website that looks like the real Microsoft login page. Should the employee not realize that they’ve landed on a phishing page and enter their login credentials, those credentials, as well as any other information stored on their account, will immediately be compromised.
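A mail-filtering check for the lure described above, as an added example that is not part of the original article: it pulls the anchors out of an HTML message and flags any link whose visible text matches the three Teams lures but whose host is not a Microsoft domain. The trusted-domain list, the function names and the sample message are assumptions made for illustration.

```python
from email import message_from_string
from email.policy import default
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: domains your genuine Teams notifications link to; tune locally.
TRUSTED_SUFFIXES = ("microsoft.com", "microsoftonline.com", "office.com")
LURE_SUBJECT = "there's new activity in teams"
LURE_ANCHORS = ("microsoft teams", "sent a message in instant messenger",
                "reply in teams")
# Constructed sample message (not a captured one); {h} is the link host.
SAMPLE = ("Subject: There's new activity in Teams\n"
          "Content-Type: text/html\n\n"
          '<a href="https://{h}/a">Microsoft Teams</a>'
          '<a href="https://{h}/b">J. Doe sent a message in instant messenger</a>'
          '<a href="https://{h}/c">Reply in Teams</a>\n')

class AnchorCollector(HTMLParser):
    """Collect (visible text, href) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((" ".join("".join(self._text).split()), self._href))
            self._href = None

def normalize(text):
    return text.replace("\u2019", "'").lower()  # curly apostrophe -> ASCII
def is_trusted(href):
    try:
        host = (urlsplit(href).hostname or "").lower()
    except ValueError:          # unparsable URL: treat as untrusted
        return False
    return any(host == s or host.endswith("." + s) for s in TRUSTED_SUFFIXES)

def assess(raw_email):
    msg = message_from_string(raw_email, policy=default)
    body = msg.get_body(preferencelist=("html",))
    parser = AnchorCollector()
    parser.feed(body.get_content() if body else "")
    bad = [(t, h) for t, h in parser.links
           if any(l in normalize(t) for l in LURE_ANCHORS) and not is_trusted(h)]
    return {"subject_match": LURE_SUBJECT in normalize(str(msg["subject"] or "")),
            "untrusted_links": bad, "suspicious": bool(bad)}
```

The verdict rests on the link destinations only: the subject line matches genuine notifications too, so `subject_match` is reported for context and never decides the result by itself.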
Protecting Your Company from Notification Phishing Scams
- Advise your employees not to blindly click on notification emails, even if they seem to come from a legitimate vendor like Microsoft or Google. Yes, we get a lot of them, all day long, but it’s important to read them carefully. If the recipient doesn’t recognize the document they were tagged in, they should contact the person who allegedly sent it and verify that the notification is legitimate.
- Require that employees use multi-factor authentication (MFA or 2FA) on all accounts that support it. With 2FA enabled, even if an employee’s credentials are compromised, cybercriminals won’t be able to access their account without the second authentication factor.