In fact, the attack aims to steal Office 365 recipients’ login credentials.

Teams is Microsoft’s popular collaboration tool, which has particularly risen in popularity among remote workforces throughout the pandemic, making it an increasingly appealing brand for attackers to impersonate. This specific campaign was sent to between 15,000 and 50,000 Office 365 users, according to researchers with Sudden Security on Thursday.

“Since Microsoft Teams is an instant-messaging service, recipients of this notification might be more apt to click it so that they can respond quickly to whatever message they believe that they could have missed based on the notification,” said researchers in a Thursday analysis.

The first phishing email displays the name “There’s a new action in Teams,” which makes it look like an automated notification from Microsoft Teams. As seen in the image below, the email tells the recipient that their teammates are trying to reach them, warning them that they have missed Microsoft Teams chats and showing an example of a teammate chat that asks them to submit something by Wednesday of the week. (Threatpost has reached out to Abnormal Security about whether the teammate chats used in the phishing email are real or fake.)

The phishing emails. Credit: Sudden Security

To respond, the email urges the recipient to click on the “Reply from Teams” button. However, this leads to a phishing page.

“Within the body of the email, there are 3 links appearing as ‘Microsoft Teams’, ‘(contact) delivered a message in instant messenger’, and ‘reply in Teams’,” according to investigators. “Clicking on any of these leads to a fake site which impersonates the Microsoft login webpage. The phishing page asks the recipient to enter their password and email.”

Researchers explained that the malware landing page also looks structurally similar to a Microsoft login page, with the start of the URL containing “microsftteams.” If recipients are convinced to enter their Microsoft credentials into the page, they are unwittingly handing them to attackers, who can then use them for a range of malicious purposes, such as account takeover.

With the ongoing pandemic, worries about cyberattackers leveraging business-friendly collaboration brands such as Microsoft Teams, Zoom and Skype have been piqued. In May, a convincing campaign that impersonated notifications from Microsoft Teams in order to steal the Office 365 credentials of employees circulated, with two separate attacks that targeted as many as 50,000 unique Teams users.

Microsoft is top of the heap when it comes to hacker impersonations, with Microsoft products and services featuring in almost a fifth of global brand phishing attacks in the next quarter of the year. Attackers are also using sophisticated tactics, including visual CAPTCHAs to target Office 365 users and token-based authorization methods.
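The landing-page detail above (a URL that starts with “microsftteams”) is the kind of signal a mail filter can check for. The following is an added example, not code from the article or from the researchers it cites: it pulls links out of an email body and flags hostnames whose leading label is within one edit of a protected brand string. The brand list, the allowlist of legitimate suffixes and the sample message (which uses the reserved `.test` domain) are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed for this example: protected brand strings and an illustrative allowlist.
BRANDS = ("microsoftteams", "microsoft", "office365")
LEGIT_SUFFIXES = ("microsoft.com", "office.com", "microsoftonline.com")
# Constructed sample body with the three link texts the article describes.
SAMPLE_EMAIL = (
    '<a href="https://microsftteams.example.test/a">Microsoft Teams</a>'
    '<a href="https://microsftteams.example.test/b">(contact) sent a message</a>'
    '<a href="https://microsftteams.example.test/c">Reply in Teams</a>'
    '<a href="https://teams.microsoft.com/">Open Teams</a>'
)

def osa_distance(a, b):
    """Edit distance that also counts an adjacent transposition as one edit."""
    d = [[i + j if i * j == 0 else 0 for j in range(len(b) + 1)]
         for i in range(len(a) + 1)]
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = a[i - 1] != b[j - 1]
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]

class LinkCollector(HTMLParser):
    """Collects the href of every <a> tag in the message body."""
    def __init__(self):
        super().__init__()
        self.links = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links += [v for k, v in attrs if k == "href" and v]

def lookalike_brand(host):
    """Return the brand a non-allowlisted hostname imitates, or None."""
    host = host.lower().rstrip(".")
    if any(host == s or host.endswith("." + s) for s in LEGIT_SUFFIXES):
        return None
    for label in host.split("."):
        label = label.replace("-", "")
        for brand in BRANDS:
            # Compare the start of the label, allowing one missing or extra character.
            for n in (len(brand) - 1, len(brand), len(brand) + 1):
                if len(label) >= n and osa_distance(label[:n], brand) <= 1:
                    return brand
    return None

def suspicious_links(html):
    """Return (url, imitated_brand) for each link that looks like a brand lookalike."""
    parser = LinkCollector()
    parser.feed(html)
    pairs = ((u, lookalike_brand(urlsplit(u).hostname or "")) for u in parser.links)
    return [(u, b) for u, b in pairs if b]
```

A host that contains the exact brand string but sits outside the allowlist is flagged as well, since that is also brand impersonation; a real deployment would tune the allowlist to the tenant's own sign-in domains.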