Remote workers are being urged to take extra care following the reveal of a new security scam affecting Microsoft Teams.
Users of the popular video conferencing service are being targeted by a phishing scam that looks to trick Teams customers into handing over their logins.
Criminals have designed fake email alerts that spoof Microsoft Teams file share and audio chat notifications, with as many as 50,000 emails already detected.
Microsoft Teams hack
According to researchers from Abnormal Security, criminals have been using cloned imagery and designs to make their malicious alerts look like real ones from Microsoft.
This tactic is particularly dangerous as users are being bombarded with more alerts than ever as the popularity of video conferencing tools such as Microsoft Teams increases, this makes victims more likely to click on what they believe to be a legitimate message.
“Since the imagery found throughout this attack is actual imagery used by the legitimate provider, the recipient may be more convinced this is a legitimate email,” the researchers told BleepingComputer. “This holds especially true on mobile where images take up most of the content on the screen.”
The phishing campaign adds an extra level of sophistication thanks to the use of several URL redirects to hide the hosting addresses and avoid email protection services.
If the victim clicks on a link in the malicious email, they are then taken to a fake landing page which accurately copies the real Office 365 login page, however entering account details there will lead to the information being stolen.
Microsoft Teams is one of several video conferencing and collaboration tools that has seen a huge spike in user numbers in recent weeks due to the global coronavirus lockdown.
Last week, Microsoft CEO Satya Nadella revealed Teams has surpassed 75 million daily active users.