As Microsoft Teams continues to skyrocket in growth, hackers are going to flock to the service.
We wrote recently about how a compromise at a partner organization almost took down a global financial institution.
That, Avanan analysts believe, is a novel Teams attack that will explode in 2021, and why we believe that investing in Microsoft Teams security is so critical.
.
But it's not the only way to leverage Teams to steal credentials.
The Attack: Avanan researchers discovered a new phishing email that looks like this:
If you click, it takes you to a login page that is just there to steal your credentials.
Though Avanan stopped this attack, it passed by ATP's scanners.
Why it Matters: This is a typical phishing email that is meant to steal your Microsoft credentials. The hacker could then use it to infiltrate email, Teams or anything else. It's not a Teams-based attack.
However, it is taking advantage of a now-commonly sent email. If you use Microsoft Teams, you could be added to a new group a day. You could be invited by co-workers or partner organizations. All of this is common, even expected.
That makes it highly likely that someone will click and enter their credentials.
Hackers will continue to find ways to leverage Teams—and any other hot app, like DocuSign, Slack or Amazon—to steal credentials, which is one of the main goals of any hacking attempt.
Having email security that understands this—and can stop these attacks—is absolutely critical.
