New Password hacking threat to Microsoft Teams users

s
Microsoft Teams login on a smartphone
Photo by Mika Baumeister on Unsplash


With the increased user base for video conferencing apps comes the attention of hackers and cyber attackers who want to encash the information of the users by hacking their accounts, increased usage of video conferencing apps like Zoom, Microsoft Teams also resulted in these services been targeted by hackers, Zoombombing is the major security threat in Zoom besides other security allegations it faced over past few weeks.

Recently Microsoft Teams users were targeted by attackers who used a vulnerability in Teams by sending a GIF to a user and getting access to his/her account, this can go as far as getting access to the accounts of all the employees' of the organization where the attacked user is working, however, that vulnerability was fixed by Microsoft with the help Israeli researchers who first found out about the bug.

Forbes reported that there is now a new trick that is used by hackers to get the account login credentials of the Microsoft Teams users, however, this is not because of a vulnerability in Microsoft Teams but just a phishing scam that will redirect a user to a launch page that will look much similar to the Microsoft login page but is actually not, when the targeted users enter his/her login credentials they will be stolen by the attacker.

This phishing scam was discovered by Abnormal Security who says that 50,000 users were already attacked by this scam, in an alert given on April 29th The Cybersecurity and Infrastructure Security Agency (CISA) warns about the rise in these types of attacks given the increase of users and organizations shifting to Microsoft Office 365 during this time where employees are working from home.

To steal the login credentials of the users, attackers will send an email notification that looks similar to the one from Microsoft Teams and once the user clicks on it they will be redirected to the false login page. Abnormal Security said that "recipients would be hard-pressed to understand that these sites were set up to misdirect and deceive them to steal their credentials, given the current situation, people have become accustomed to notifications and invitations from collaboration software providers."

Comments

Post a Comment

Comment your thoughts and feedback

The Windows 10 2004 update has led to Hard drive management problems for some users
Microsoft Teams is now extending to home users
Google's "Nearby Sharing" is coming to PCs, MACs and Chromebooks
A $5 billion lawsuit filed against Google for tracking user's information in incognito mode
iOS users can now Audio Tweet on Twitter

Contact Us.

Name

Email *

Message *