In a previous article, MS Solutions warned of the upsurge in phishing via SharePoint links that target Microsoft 365 users. In the past few days, more than 50,000 Microsoft 365 users have been targeted in a new campaign – Microsoft Teams notification-like phishing.  

Beware of Microsoft Teams Push Notifications 

As Microsoft Teams is one of Microsoft’s most popular tools, and is in especially high demand in the current era of telecommuting, it is essential to be vigilant. The phishing campaign using Microsoft Teams looks like an automatic email notification from Teams, telling you that you missed a call in the interface. This email tells you that your employees are trying to contact you through the platform. People who don’t see the deception click “reply in Teams” and the link directs them to a phishing page, dedicated to retrieving sensitive user data.   

Crucially, the landing page looks like a Microsoft login page, so it is very important to be extra vigilant before entering your credentials.

When in doubt about such an email, users should make it a habit to simply check their Teams app for possible chats or missed communications. This “risk avoidance” technique is also a great trick against more general phishing attacks.

Educate and Train Your Work Teams About Phishing Attempts 

Unfortunately, phishing emails are becoming more and more realistic, so it is very important to educate your employees about the risks posed by phishing attempts. To do this, we recommend that you perform a phishing simulation, as well as take dedicated training for your work teams.

Do not hesitate to contact one of our cybersecurity experts, who can prevent unnecessary threats and help you avoid malicious phishing campaigns. As a result, the company responsible for your cybersecurity will be able to regularly send out phishing simulations designed to assess the vigilance of each employee with regard to email attacks.