NIX Solutions reports: A wave of attacks on Microsoft corporate chat accounts

The massive shift of employees to remote work around the world in connection with measures to contain the pandemic has provoked a sharp increase in the use of corporate chat Microsoft Teams with the recently introduced video conferencing feature, says Rossaprimavera.

A noticeable increase in the number of service users has attracted the attention of network fraudsters. Abnormal Security reports that it has recorded a mass mailing of letters that completely copy the appearance of official Microsoft service messages, but with links to fraudulent addresses.

The scheme of network fraud scheme is very high quality, as experts say. Not only the type of letters, but also the domain addresses to which links from the letters lead look like real ones. The pages on which the user is prompted to enter their account information under one sauce or another, copy the similar ones from Microsoft completely.

In addition, fraudsters have used a number of technical means, such as multiple forwarding, to trick automatic anti-spam systems.

According to Abnormal Security, from 15 to 50 thousand letters were sent. However, it is not known how many accounts were stolen.

Experts note that despite the typical attack scheme, it is quite effective. Firstly, a lot of people have just started using the messenger. Lack of experience increases the success rate of the fraudulent scheme, says NIX Solutions.

Secondly, the same account is used to access Teams and for Microsoft 365 – a cloud service that combines the ability to work with documents, a corporate portal and e-mail, as well as network storage. Thus, hacking an account can also lead to leakage of internal correspondence, or documents of companies using the service.