Cyber criminals move fast. As organizations switch from Zoom to Microsoft Teams, hackers are on their trail.
Security researchers have observed thousands of cloned Microsoft Team login pages being used in an attempt to harvest account passwords.
These are not highly technical attacks. But it is very well-crafted Phishing. And these attacks come at "precisely the right time to fool already stressed and somewhat disoriented workers."
"The landing pages look identical to the real webpages, and the imagery used is copied from actual notifications and emails from this provider."
While it may seem hard to mimic the actual pages, don't forget about "copy and paste" functions. Attackers simply need one real Microsoft email to craft a strong Phishing email. Next, they set up lookalike domains to further the con.
"Recipients would be hard-pressed to understand that these sites were set up to misdirect and deceive them to steal their credentials."
Just last week, the US government addressed organizations hurrying to the cloud. Through the Cybersecurity and Infrastructure Security Agency (CISA), officials warned that "hasty deployment can lead to oversights in security configurations and undermine a sound O365-specific security strategy."
At the core of these attacks are your people. They're the ones targeted by these attackers. This is why organizations turn to INFIMA's Automated Security Awareness Training platform to protect their employees.
Ready to learn more? Start