Phishing attack hits thousands of Microsoft Teams users

Reading time icon 3 min. read

Readers help support Windows Report. We may get a commission if you buy through our links. Tooltip Icon

Read our disclosure page to find out how can you help Windows Report sustain the editorial team Read more

Key notes

  • Thousands of Microsoft Teams users were recently targeted by a phishing scam.
  • They received an email posing as a trustworthy Teams member calling for a reply.
  • Our articles in the Microsoft Teams Hub will help you get the best of this collaboration tool nowadays.
  • Protect your digital life at all times using our recommendations in the Antivirus section.
phishing attack microsoft teams

The researchers at Abnormal Security released a report about a recent phishing attempt targeting up to 50,000 Microsoft Teams clients.

This adds to the statistics that showed increased numbers in this type of cyber-attacks that affected companies in online payment businesses, social media, or productivity services in today’s context of teleworking or homeschooling.

Considering that Microsoft Teams is the most popular business communication service presently, with over 75 million users reported in spring 2020, it becoming a target for such attacks comes as no surprise.

How does the phishing scam work on Microsft Teams accounts?

phishing attack in ms teams

According to the report, the attackers impersonated an acquaintance of the recipient sending out an email with a subject line resembling an instant messaging notification, announcing new activity on the platform.

This way, the attackers emailed between 15,000 and 50,000 Teams members, trying to catch their attention and make them hit the Reply in Teams button.

The body of the email included what appeared to be an instant messenger box linked to a particular workgroup, a request, and the Reply in Teams button.

Clicking on any of these led to a fake Microsoft login page. The phishing page asked the recipient to enter their email and password.

In case the recipient went along with the request, the attackers could get their credentials or any personal information stored on the respective account.

How can I avoid falling for phishing scams?

Such phishing scams include all the ingredients that make users vulnerable: branded URL, personalized salutation message, convincing design.

If one doesn’t pay too much attention to the source of such messages, the second most reliable way to prevent scams is using powerful software such as Bitdefender that protects against phishing attempts.

Bitdefender efficiently filters all incoming email messages, as well as all websites that pose as trustworthy asking for personal information, by blocking them before they can reach the user.

Bitdefender Antivirus Plus

Bitdefender Antivirus Plus

Protect your online activity from any type of cyber-attacks with this top-rated threat-detection software.
Free trial Visit website

We truly hope that now you are now better informed on how such attacks work and that you’ll be prepared in case of a phishing attempt on your own device.

Your feedback on this topic is welcome; use the comments section below.


More about the topics: Microsoft Teams, Phishing