Tricky phishing attack targets Microsoft Teams users — here's how to protect yourself


What you need to know

  • A new phishing attack uses cloned Microsoft imagery to trick people into giving away their Office 365 login details.
  • The attack imitates file share and audio notification emails from Microsoft Teams.
  • The attack uses several URL redirects that take people to a convincing fake login page.

A new phishing attack was discovered toward the end of last week that aims to steal people's Office 365 login details. The attack used cloned imagery to send convincing emails that pretend to be Microsoft Teams notifications. Clicking on links within the emails goes through several URL redirects to cover up the attack and ends up on a realistic fake Office 365 login page. The page asks people to log in to their Office 365 account, but actually just steals people's login details. Abnormal Security first discovered and reported on the attack.

The phishing attack is particularly dangerous because millions of people are using Microsoft Teams for the first time due to the current global health crisis. With Microsoft Teams reaching 75 million daily active users recently, tens of millions of people are using the service for the first time. As a result, many people won't be familiar with what types of notifications the service sends out. Even if someone is familiar with Microsoft Teams, the phishing attack uses cloned imagery from Microsoft that is convincing.

Abnormal Security summarizes how convincing images and URL redirects create an effective attack:

The email and landing page the attackers created were convincing. The webpages and the links the email direct to are visually identical to legitimate Microsoft Teams and Microsoft login pages. Recipients would be hard-pressed to understand that these sites were set up to misdirect and deceive them to steal their credentials.

On May 1, 2020, Abnormal Security reported that between 15,000 and 50,000 inboxes received emails as part of the phishing attack. Abnormal Security highlights that because Microsoft Teams is linked to Office 365, a successful phishing attack on a person's Microsoft Teams account could also grant access to people's Office 365 account. The firm states, "Additionally, since Microsoft Teams is linked to Microsoft Office 365, the attacker may have access to other information available with the user's Microsoft credentials via single-sign on."

To keep yourself protected, make sure to check the URL and source of emails and websites. For example, one attack comes from an email attached to "sharepointonline-irs.com." That website is not affiliated with Microsoft or the IRS. Some of the other URLs used look less convincing, but you should always keep an eye out when clicking on links as some might have URLs that seem reasonable.
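For mail administrators who want to automate the URL check described above, here is an added example (not from Abnormal Security or Microsoft) that extracts the links from a notification email and flags hosts that borrow a Microsoft brand word without belonging to a Microsoft domain. The allowlist, the brand-word list and the sample email are assumptions made for illustration; only "sharepointonline-irs.com" comes from the article. Because the attack relies on redirects, a link classified as "external" still deserves a look at the final address bar before any credentials are typed.

```python
import re
from urllib.parse import urlsplit

# Illustrative allowlist (assumption): extend it with the domains your tenant uses.
TRUSTED_SUFFIXES = ("microsoft.com", "microsoftonline.com", "office.com", "sharepoint.com")
# Brand words that a lookalike host may borrow to seem plausible (assumption).
BRAND_WORDS = ("microsoft", "office365", "sharepoint", "onedrive")

HREF_RE = re.compile(r'href\s*=\s*["\']([^"\']+)["\']', re.IGNORECASE)


def host_of(url):
    """Return the lowercase hostname of a URL, or '' if it has none."""
    host = urlsplit(url).hostname or ""
    return host.rstrip(".").lower()


def is_trusted(host):
    """True only for an allowlisted domain or one of its subdomains."""
    # Compare on a label boundary so "notmicrosoft.com" does not pass.
    return any(host == s or host.endswith("." + s) for s in TRUSTED_SUFFIXES)


def classify(url):
    """Label a link as trusted, lookalike, external or no-host."""
    host = host_of(url)
    if not host:
        return "no-host"
    if is_trusted(host):
        return "trusted"
    if any(word in host for word in BRAND_WORDS):
        return "lookalike"  # brand word on a domain Microsoft does not own
    return "external"


def review_email(html):
    """Return (url, label) for every href found in the email body."""
    return [(url, classify(url)) for url in HREF_RE.findall(html)]


# Constructed sample email body; the paths and link text are made up.
SAMPLE = """
<a href="https://teams.microsoft.com/l/channel/general">Open Teams</a>
<a href="https://sharepointonline-irs.com/shared/file">View file</a>
<a href="https://example.org/r?id=1">Listen to message</a>
"""

if __name__ == "__main__":
    for url, label in review_email(SAMPLE):
        print(f"{label:10} {url}")
```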

Sean Endicott
News Writer and apps editor
