Hackers are constantly finding new and innovative ways to infiltrate your personal information. This time, Microsoft Teams users have been the target of vicious phishing attacks
According to a My Broadband report, a security company flagged two types of phishing scams that cybercriminals are using to harvest Microsoft Teams users’ login information.
Abnormal Security explains that due to the rapid increase in the usage of Microsoft Teams (due to escalated remote working), more than 50 000 mailboxes have received phishing emails.
With Microsoft Teams experiencing a surge in its userbase (up from 32 million in early March to a whopping 75 million in less than to months), users have been warned to be on the lookout for these two phishing scams.
Microsoft Teams: Look out for these two phishing scams
A phishing classic: The multiple URL redirects
In the report published by Abnormal Security, the first attack is described as ‘the multiple URL redirect’ attack. In this attack, hackers use multiple URLs to mask from email software that detects malicious links.
Those who fall for this email and click on the malicious URL-embedded image document are taken to a fake login page where they are urged to insert their login information.
Once they do, the page redirects to oblivion and the personal information you entered falls into the wrong hands.
The fake Microsoft Teams login page
In the second attack, hackers send out an email containing a link that redirects the user to a link hosted on YouTube. This YouTube page then uses two other URL redirects to send the unsuspecting users to the fake login page.
There is no need to further expound on what the consequences of entering sensitive information on these untrusted sites are.
My Broadband encourages users to be more vigilant about communication that claims to be from Microsoft Teams.
“Microsoft Teams users are encouraged to check that the URL of the login page matches https://login.microsoftonline.com to ensure that they are using the correct portal.
It is advisable not to click on any link in emails claiming to be from official sources without properly perusing the sender’s details.”