January 13, 2023

Microsoft Teams impersonation - fake notification of teammates trying to reach you

Phishing emails impersonating technology brands like Microsoft are common as they are well-known and widely used. In this case, an email notifying the recipient of a message from their teammates on Microsoft Teams is sent from an unrelated address. To protect against phishing, consider the "story" of the email, check the sender's address and ensure it makes sense, and verify the link by hovering over it or manually navigating to the website. Attackers may use typos or misspellings in the sender's address or a technique called "typo-squatting" to register fake domains similar to legitimate services.

Vanguard

Threat Analyst Team

Technology brands such as Microsoft are among the top targets impersonated by phishers, as they are well-known and widely used. In this case, the email notifies the recipient that their teammates are trying to reach them in Microsoft Teams. However, a closer look reveals that the message comes from an address unrelated to Microsoft.

Meanwhile, the link points to the search engine Bing but contains a redirect that takes you to the malicious website. In this case, the malicious website hosts a fake Microsoft login page that requests account login information. If the victim submits it, the attackers could gain access to the victim's account.

Sometimes, links in phishing emails redirect you to a malicious website via a legitimate service. This is often done to bypass spam filters or to make the link seem less suspicious.

Off the Hook

  • It's good to consider the "story" the email presents and whether other details in the message match it.
  • Check the sender's address. Examining the sender's address is often a great way to spot a phishing email. Check that the sender's address makes sense in the context of the email and that it doesn't contain typos or misspellings.
  • Sometimes attackers use a technique called "typo-squatting", registering fake domains with names similar to legitimate services. For instance, in the place of "paypal.com," an attacker could register "paypa1.com" and use it to send phishing emails, hoping the victim won't notice the difference.
  • Verify the link. Hover over it with your cursor to check that it leads where the email claims. If you have doubts, manually navigate to the service's website instead.
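
The checks in the list above (sender address, look-alike domain, link that redirects through a legitimate service) can be scripted for mail triage. The following is an added example, not code from the original article; the brand-to-domain table, the sample sender and the sample link (including its `u` parameter) are constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qsl
# Assumption: domains the impersonated brands really send mail from.
LEGIT = {"microsoft": {"microsoft.com"}, "paypal": {"paypal.com"}}
SWAPS = str.maketrans({"1": "l", "0": "o", "5": "s"})  # common digit-for-letter swaps
# Constructed sample message fields (not taken from the real email).
SAMPLE_SENDER = "notify@mailer.example.org"
SAMPLE_LINK = "https://search.example.com/r?q=teams&u=https%3A%2F%2Flogin.example.net%2Fsignin"

def edit_distance(a, b):  # Levenshtein distance, computed row by row
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_of(domain):
    """Return the legitimate domain that `domain` imitates, or None."""
    known = set().union(*LEGIT.values())
    if domain in known:
        return None
    for real in sorted(known):
        if domain.translate(SWAPS) == real or edit_distance(domain, real) == 1:
            return real
    return None

def embedded_hosts(url):
    """Hosts of absolute URLs carried in the query string of `url` (redirect targets)."""
    parts = urlsplit(url)
    hosts = []
    for _, value in parse_qsl(parts.query):  # parse_qsl also undoes percent-encoding
        inner = urlsplit(value)
        if inner.scheme in ("http", "https") and inner.hostname and inner.hostname != parts.hostname:
            hosts.append(inner.hostname)
    return hosts

def review(sender, brand, links):
    """Apply the three checks to one message and return a list of findings."""
    domain = sender.rsplit("@", 1)[-1].lower()
    findings, real = [], lookalike_of(domain)
    if real:
        findings.append(f"sender domain {domain} imitates {real}")
    elif not any(domain == d or domain.endswith("." + d) for d in LEGIT[brand]):
        findings.append(f"sender domain {domain} is unrelated to {brand}")
    for link in links:
        for host in embedded_hosts(link):
            findings.append(f"link on {urlsplit(link).hostname} redirects to {host}")
    return findings
```

This only catches redirect targets carried as a plain or percent-encoded URL in the query string, so a clean result is not proof that a link is safe.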