Phishing emails impersonating technology brands like Microsoft are common as they are well-known and widely used. In this case, an email notifying the recipient of a message from their teammates on Microsoft Teams is sent from an unrelated address. To protect against phishing, consider the "story" of the email, check the sender's address and ensure it makes sense, and verify the link by hovering over it or manually navigating to the website. Attackers may use typos or misspellings in the sender's address or a technique called "typo-squatting" to register fake domains similar to legitimate services.
Threat Analyst Team
Technology brands such as Microsoft are among the top targets impersonated by phishers, as they are well-known and widely used. In this case, the email notifies the recipient that their teammates are trying to reach them in Microsoft Teams. However, a closer look reveals that the message comes from an address unrelated to Microsoft.
Meanwhile, the link leads to the search engine Bing, containing a redirect that takes you to the malicious website. In this case, the malicious website contains a fake Microsoft login page, requesting account login information. If submitted, the attackers could gain access to the victim's account.
Sometimes, links in phishing emails redirect you to a malicious website via a legitimate service. This is often done to bypass spam filters or to make the link seem less suspicious.
Off the Hook
Subscribe to our newsletter for a curated digest of the latest news, articles, and resources on human risk and evolving phishing threats in the ever-changing landscape.