Security Alert: Microsoft Teams Phishing Attack

We are currently seeing an emerging cyber-attack targeting Microsoft Teams users with a Phishing email. If successful, the attack allows access to Office 365 accounts and credentials.

Please be aware of this attack and take the necessary steps to educate your Microsoft Teams users. 

About the Attack

Users initially receive a phishing email with a subject line such as “There’s new activity in Teams”. As the picture below shows, it looks like a genuine Teams message advising the recipient that their teammates are trying to reach them.

The mail warns that they have missed Microsoft Team chats and shows an example of a teammate chat, asking them to submit something by Wednesday of next week. 

The email urges the recipient to click the “Reply in Teams” button. However, this action leads to a malicious phishing page.

Within the body of the email, there are also three links appearing as ‘Microsoft Teams’, ‘(contact) sent a message in instant messenger’, and ‘Reply in Teams’, according to researchers. Clicking on any of these links takes the recipient to a fake website that impersonates the Microsoft login page.

The website/login page is very convincing and looks genuine; even the URL contains “Microsoft teams”. The phishing page asks the recipient to enter their email and password, and the credentials are captured.

According to Abnormal Security data scientist Erin Ludert, “attackers are using more of a ‘spray’ tactic here, as the employee referenced in the chats doesn’t appear to be an employee of the company that received the attack”.
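For mail and security teams, the link pattern described above can be checked automatically. The following Python is an added example, not code from this alert or from the researchers it cites: it flags links whose text or URL invokes Teams or Microsoft but whose host is not a Microsoft domain. The allowlist, keyword list and sample message are assumptions constructed for the illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: illustrative allowlist of Microsoft-owned domains, not exhaustive.
TRUSTED_SUFFIXES = ("microsoft.com", "office.com", "microsoftonline.com")
LURE_WORDS = ("teams", "microsoft")  # brand terms used by the lure in text or URL

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            text = " ".join("".join(self._text).split())
            self.links.append((self._href, text))
            self._href = None

def is_trusted(host):
    """True only if host is an allowlisted domain or a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in TRUSTED_SUFFIXES)

def suspicious_links(html_body):
    """Return (text, host) for branded links that point off the allowlist."""
    parser = LinkCollector()
    parser.feed(html_body)
    flagged = []
    for href, text in parser.links:
        host = urlsplit(href).hostname or ""
        branded = any(w in (text + " " + href).lower() for w in LURE_WORDS)
        if host and branded and not is_trusted(host):
            flagged.append((text, host))
    return flagged

# Constructed sample message body; example.net / example.org are reserved domains.
SAMPLE_BODY = """<p>Your teammates are trying to reach you in Microsoft Teams.</p>
<a href="https://microsoftteams.example.net/signin"><b>Reply in Teams</b></a>
<a href="https://teams.microsoft.com/l/chat/0">Open the chat</a>
<a href="https://www.example.org/unsubscribe">Unsubscribe</a>"""

if __name__ == "__main__":
    print(suspicious_links(SAMPLE_BODY))
```

The host comparison is a suffix match on whole labels, so a URL that merely contains “microsoftteams” or “microsoft.com” somewhere in its name is still flagged.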

How to Avoid This Attack? 

The most straightforward step to avoid this particular Phishing attack is to check your “Activity” in Teams itself, rather than clicking links in emails either from Teams (which would be genuine) or from phishing attempts.

A genuine Teams notification would appear in your “Activity” and also be emailed to you from Teams.

Using “Activity” in Teams, instead of relying only on email notifications, should confirm whether the email received is real or fake. Any notifications coming from Teams will appear in both your email and “Activity”. Any phishing attempt will only appear in your email inbox.

Cyber-attacks such as these are on the increase, and we all need to be vigilant and put stringent measures in place to protect ourselves.


MS Teams Activity - Phishing Attack

How We Can Help Combat Phishing Attacks 

Phishing is a firm favourite of Cybercriminals as it exploits the weakest link in any security strategy, the Human! 

It is crucial not only to protect your organisation and employees but also to demonstrate to the Information Commissioner's Office (ICO) that you have taken all reasonable steps to protect data, which includes educating staff around risks.

Phishing Attack Simulation 

We offer a wide range of physical and cybersecurity services to help protect organisations and can give insight into how well your organisation responds to phishing attacks, with a free phishing attack simulation. Doing this will also provide a benchmark on how resilient your staff are to these types of attack.

Click here to arrange a Free “Simulated Phishing Attack.” 

Phishing Alert Button

With the volume of email we receive at epic levels, what do users do when they receive something that doesn’t look right? With a Phish Alert Button, users can quickly alert and quarantine an email for inspection by your security team, reducing risk.

Click here for a Phish Alert Button

Cyber Awareness Training

Your staff are your weakest link, and as mentioned earlier, it is essential that staff are provided with tools to defend your organisation proactively.

Our Security Awareness Training, delivered by KnowBe4, offers engaging and tailorable staff training to help you mitigate threats and perform due diligence.

Find out more about Cyber Awareness Training >>

If you would like to find out more about C>Ways and how we can help your organisation be more secure and mitigate risks, call us on 0333 344 8971 or book a Free Cyber Audit.