Microsoft Teams Phishing is a growing Cyber Threat for 2022

Simar Kohli
March 2, 2022

Hackers are using sophisticated new techniques to breach organizations via Microsoft Teams. Although this article is focused on Microsoft Teams, many organizations using Slack are also facing an onslaught of phishing attacks. Check out our blog post on Slack phishing here.

Phishing attempts are at an all-time high and continue to grow

As more of our personal and work lives move online, the amount of cyber threats to data privacy and security continues to grow as well. There were more data breaches than ever before in 2021, and that number is likely to continue to increase in 2022 and beyond. Although most people think of hacking as a scary looking person frantically typing away at a terminal, the reality is that 61% of security breaches involve compromised credentials according to Verizon’s 2021 Data Breach Investigation Report.

The vast majority of compromised credentials are obtained through social engineering attacks, a method where hackers will use psychological techniques to manipulate victims into disclosing private information. The most common form of social engineering is traditional email-phishing, but several other forms of phishing are becoming increasingly common. Three trending forms of phishing are smishing, vishing, and spearphishing.

Smishing refers to SMS-based phishing where hackers will send victims a fraudulent text message, often containing a malicious link,  while posing as someone else. Vishing refers to voice-based phishing where hackers make phone calls or leave voicemails in order to trick people into disclosing information. Finally, spear phishing is an extremely targeted form of phishing where social engineers will do considerable research on their victims in order to create a more realistic persona. Traditional phishing typically involves casting a wide net, but spearphishing campaigns are tailored towards specific individuals.

Phishing has been a major issue for companies for a long time, but it reached new heights in 2021. 83% of organizations experienced a successful email-phishing attack in 2021, a huge increase from 57% the year prior. Companies also experienced major increases in smishing, vishing, and spearphishing attacks in 2021 as compared to years past. This rise in threat activity is not expected to stop, and hackers have found new targets for 2022 and beyond.

Microsoft Teams is a major target for hackers

As companies continue to adopt remote work tools such as Microsoft Teams and Slack, those tools have become increasingly lucrative breach avenues for malicious parties. Microsoft Teams became the leading workplace collaboration software in 2019 and it has continued to grow exponentially since then, particularly after the onset of the Covid-19 pandemic. Microsoft Teams has reached a whopping 270 million monthly users in 2022, so there are plenty of people for hackers to target. 

One reason why breaching someone’s Microsoft Teams account is so valuable is that most organizations use Microsoft Teams in conjunction with Office365 with the same login for both. Office365 includes Word, Outlook, Excel, and other software that is likely to contain company secrets. Office365 documents may also include sensitive customer data such as PHI or other private information. Given the potential goldmine contained within an organization’s Microsoft Suite, it makes sense hackers are increasingly targeting Teams users.

How hackers are breaking into Teams accounts

It may come as no surprise that social engineering is the primary method breachers use to infiltrate Microsoft teams. Microsoft is the most impersonated company for phishing attempts making up 43% of fraudulent company emails sent to users. Fake emails from Microsoft asking users to log into their Teams account is an extremely common problem for enterprises. Although most organizations train employees on recognizing and preventing phishing, many of these Microsoft scams are advanced enough to trick tech-savvy users.

Hackers are even taking advantage of current events to break into people’s Microsoft accounts. People are receiving emails supposedly from Microsoft claiming there has been a login to their account from an IP address based in Russia. The emails contain a ‘report suspicious login attempt’ button that will then allow the user to respond to the email. Users that respond will be asked for login details or payments to reinstate control of their accounts, at which point the social engineering attack has succeeded.

How to secure Microsoft Teams and protect your organization

Although companies are training people to recognize situations where there may be business email compromise, not enough organizations are educating employees on the possibility of a Teams account compromise. People are much more likely to trust links and attachments in a Teams Message as opposed to an email. Although Microsoft has some malware protection in place within Office365, it is not anywhere near foolproof.

The best way to secure Microsoft Teams is equipping your employees with the knowledge they need to prevent social engineering. We wrote a guide on 5 ways to prevent social engineering which you can check out here. Training people to recognize and prevent phishing is the best defense against the most prominent threats organizations face. Even the most secure systems in the world are useless if the people using them are not aware of best cybersecurity practices.

For a great employee training platform that is relevant to modern work and the threats remote and hybrid companies face every day, check out Haekka! Our founders Travis Good M.D. and Ryan Rich had decades of cybersecurity experience prior to creating Haekka. For more information about training, cybersecurity, or compliance schedule a demo today!