First Zoom, Now Microsoft Teams

With widespread publicity around Zoom's many cyber risks, many businesses switched to Microsoft Teams. And in typical fashion, cyber criminals followed the move.

Security researchers have observed thousands of cloned Microsoft Teams login pages being used in an attempt to harvest account passwords.

These are not highly technical attacks, but they are very well-crafted Phishing. And these attacks come at "precisely the right time to fool already stressed and somewhat disoriented workers."

"The landing pages look identical to the real webpages, and the imagery used is copied from actual notifications and emails from this provider."

While it may seem hard to mimic the actual pages, don't forget about "copy and paste" functions. Attackers simply need one real Microsoft email to craft a strong Phishing email. Next, they set up lookalike domains to further the con.

"Recipients would be hard-pressed to understand that these sites were set up to misdirect and deceive them to steal their credentials."

These spoofed domain tactics are very similar to those used in PPP Attacks and those highlighted in a recent FINRA Notice.
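Because a cloned page can look pixel-identical, the host in the link is the part a mail filter or a suspicious recipient can actually check. The sketch below is an added example, not code from the original article: it labels the host of a link as trusted or as one of three lookalike patterns. The trusted-domain list, the brand keywords and the sample links are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: registrable domains this organization accepts for Microsoft 365
# sign-in. Adjust to your tenant; this list is not from the article.
TRUSTED = {"microsoft.com", "microsoftonline.com", "office.com"}
TRUSTED_LABELS = {d.split(".")[0] for d in TRUSTED}
BRANDS = ("microsoft", "teams", "office365", "outlook")  # assumed keywords


def edit_distance(a, b):
    """Levenshtein distance, row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[-1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(url):
    """Label the host of a link: trusted, lookalike:<reason>, unknown, invalid."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if not host:
        return "invalid"
    labels = host.split(".")
    # Naive registrable domain (last two labels); a production check should
    # use the Public Suffix List to handle suffixes such as co.uk.
    if ".".join(labels[-2:]) in TRUSTED:
        return "trusted"
    if any(label.startswith("xn--") for label in labels):
        return "lookalike:punycode"  # IDN host: may render as look-alike glyphs
    sld = labels[-2] if len(labels) > 1 else labels[0]
    for good in TRUSTED_LABELS:
        # Short names get a tighter limit to reduce false positives.
        if edit_distance(sld, good) <= (1 if len(good) <= 6 else 2):
            return "lookalike:near-match"  # typo or swapped TLD
    if any(b in host.replace("-", "").replace(".", "") for b in BRANDS):
        return "lookalike:brand-in-host"  # brand used as subdomain or padding
    return "unknown"


# Constructed sample links (reserved .example TLD), not from real campaigns.
SAMPLES = [
    "https://teams.microsoft.com/l/meetup-join/abc",
    "https://micros0ft.example/teams/login",
    "https://login.microsoftonline.com.secure-auth.example/",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(f"{classify(link):24} {link}")
```

These are heuristics: an "unknown" result is not a clean bill of health, and a keyword such as "teams" will also match unrelated hosts.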

Just last week, the US government addressed organizations hurrying to the cloud. Through the Cybersecurity and Infrastructure Security Agency (CISA), officials warned that "hasty deployment can lead to oversights in security configurations and undermine a sound O365-specific security strategy."

At the core of these attacks are your people. They're the ones targeted by these attackers. This is why organizations turn to INFIMA's Automated Security Awareness Training platform to protect their employees.

Original article: https://www.forbes.com/sites/daveywinder/2020/05/02/beware-this-new-microsoft-teams-password-hacking-threat-to-75-million-users/#2877f9712fbc