05 May 2020

Security Notice: Microsoft Teams

Subscriptions on the up

There’s no doubt that you will have seen the Microsoft Teams adverts played on TV over the last few weeks. This advert, coupled with the increase in demand for remote working tools and availability of a new consumer subscription, has lead to a significant rise in the use of Microsoft Teams.

Information Risk Management (IRM) would like to provide some security advice for those using the tool based on recent discoveries in the news and from what we’re witnessing with clients.

*Please feel free to copy and paste this notice to communicate the advice to employees within your organisation*

We have received a significant number of notifications regarding phishing campaigns that are spoofing Microsoft Teams messaging in order to harvest credentials.

Fraudsters are crafting very realistic messages that mimic automated notification emails from Microsoft Teams. These emails attempt to lure people to spoofed landing pages that use cloned images or that contain links to a document that appears to come from an established source.

In some instances, if you click on the link, it takes you to a page that looks like an Office 365 landing page and asks you to input your logon credentials – which are then harvested by the attackers.

Image source: HelpNet Security

Single-sign on risks

As Microsoft Teams and Microsoft Office 365 are linked, the attacker may have access to other business sensitive information via single sign-on.

Please be particularly cautious of links to online conferencing tools. Whilst Microsoft Teams is being heavily targeted at this time, it only stands to reason they will also go for other online tools, e.g. GoToMeeting, Skype for Business, WeTransfer etc.

Be wary

Be cautious at all times. Check carefully before accepting any links and, in the first instance, check with the organiser of the meeting for confirmation.

If a suspicious email is sent to you, notify your IT department so they can warn others. If you open an email and/or click any of the links, inform your IT department immediately.

If you have any questions or concerns about the security of using online platforms, contact us at hello@irmsecurity.com