Microsoft Teams impersonation - fake notification of teammates trying to reach you

Technology brands such as Microsoft are among the top targets impersonated by phishers, as they are well-known and widely used. In this case, the email notifies the recipient that their teammates are trying to reach them in Microsoft Teams. However, a closer look reveals that the message comes from an address unrelated to Microsoft.

Meanwhile, the link leads to the search engine Bing, containing a redirect that takes you to the malicious website. In this case, the malicious website contains a fake Microsoft login page, requesting account login information. If submitted, the attackers could gain access to the victim's account.

Sometimes, links in phishing emails redirect you to a malicious website via a legitimate service. This is often done to bypass spam filters or to make the link seem less suspicious.

Off the Hook

• It's good to consider the "story" the email presents and whether other details in the message match it.
• Check the sender's address. Examining the sender's address is often a great way to spot a phishing email. Check that the sender's address makes sense in the context of the email and that it doesn't contain typos or misspellings.
• Sometimes attackers use a technique called "typo-squatting", registering fake domains with names similar to legitimate services. For instance, in the place of "paypal.com," an attacker could register "paypa1.com" and use it to send phishing emails, hoping the victim won't notice the difference.
• Verify the link. Additionally, verify the link leads to where the email claims by hovering over it with your cursor. If you have doubts, manually navigate to the service's website instead.

Hoxhunt empowers your employees to shield your organization from threats. Our phishing training is trusted by the world’s leading cybersecurity professionals - maximizing training outcomes by serving every user a personalized learning path that measurably changes behavior.