You've successfully subscribed to INFIMA Security
Great! Next, complete checkout for full access to INFIMA Security
Welcome back! You've successfully signed in.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info is updated.
Billing info update failed.

First Zoom, Now Microsoft Teams

Cyber criminals move fast. As organizations switch from Zoom to Microsoft Teams, hackers are on their trail.

With widespread publicity around Zoom's many cyber risks (here and here), many businesses switched to Microsoft Teams. And in typical fashion, cyber criminals followed the move.

Security researchers have observed thousands of cloned Microsoft Team login pages being used in an attempt to harvest account passwords.

These are not highly technical attacks. But it is very well-crafted Phishing. And these attacks come at "precisely the right time to fool already stressed and somewhat disoriented workers."

"The landing pages look identical to the real webpages, and the imagery used is copied from actual notifications and emails from this provider."

While it may seem hard to mimic the actual pages, don't forget about "copy and paste" functions. Attackers simply need one real Microsoft email to craft a strong Phishing email. Next, they set up lookalike domains to further the con.

"Recipients would be hard-pressed to understand that these sites were set up to misdirect and deceive them to steal their credentials."

These spoofed domain tactics are very similar to those used in PPP Attacks and those highlighted in a recent FINRA Notice

Just last week, the US government addressed organizations hurrying to the cloud. Through the Cybersecurity and Infrastructure Security Agency (CISA), officials warned that "hasty deployment can lead to oversights in security configurations and undermine a sound O365-specific security strategy."

At the core of these attacks are your people. They're the ones targeted by these attackers. This is why organizations turn to INFIMA's Automated Security Awareness Training platform to protect their employees.

Ready to learn more? Start here!

Original article here.

Joel Cahill

Cybersecurity enthusiast. Entrepreneur.