There is a new phishing attack making the rounds. These notifications are sent using the display name: "There's new activity in Teams" to make it look like an automated notification from the messaging platform. The fake message is designed to convince the potential victim that a member of their Microsoft Teams community is trying to get in contact with them.
The reply option labeled "Reply in Teams" leads the victim to a fake Microsoft login page where user credentials are harvested, allowing the fraudsters to access the account and gather more information, according to the report.
The link to the landing page looks convincingly like a Microsoft login page with the start of the URL containing 'Microsoft Teams,' lending further credence.
How you can protect yourself and your organization:
Please exercise caution and
check all links (you can hover your mouse over links to see where they actually
“point”) before clicking on them to ensure they’re taking you to the site you
expect.
If
you receive a message from what appears to be a trusted source that provides
you with a login link, the safer option is to go directly to the site to login
instead of using the provided link.
If your end users haven’t completed end user security awareness training in the past year, there’s no better time to get that done! If you are a SPOT Managed IT Services client, end user security awareness training is FREE! Feel free to reach out to us for assistance.