Medium
Researchers have discovered a phishing campaign that uses Microsoft Teams as a lure and takes advantage of an increased remote workforce. The body of the phishing email is almost identical to a legitimate Microsoft Teams notification email. The subject line is different and, significantly, the sender is not a Microsoft email address. The link in the body of the email points to a campaign-archive.com URL. This page provides a secondary link to supposedly view an unread Microsoft Teams message. Victims who click this link are redirected to a copy of the Microsoft login page. After entering credentials into the fake form and hitting submit, victims are further redirected to the legitimate Office website. At this point, the entered credentials have likely been exfiltrated to the threat actors.
104[.]118[.]190[.]227
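
The two tells described above (a Teams-themed body from a non-Microsoft sender, and a link to campaign-archive.com) can be checked at mail triage. The following is an added example, not part of the original report; the trusted sender domain and the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: genuine Teams notifications are sent from microsoft.com or a subdomain.
TRUSTED_SENDER = "microsoft.com"
# From the report: the lure link pointed to a campaign-archive.com URL.
REPORTED_LINK_HOST = "campaign-archive.com"
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

def in_domain(host, domain):
    """True only for the domain itself or a real subdomain (not look-alikes)."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def triage(raw_email):
    """Return the report indicators that a raw RFC 5322 message matches."""
    msg = message_from_string(raw_email, policy=policy.default)
    part = msg.get_body(preferencelist=("plain", "html"))
    text = part.get_content() if part is not None else ""
    if "microsoft teams" not in text.lower():
        return []  # not Teams-themed, out of scope for this check
    findings = []
    sender_domain = parseaddr(str(msg.get("From", "")))[1].rpartition("@")[2]
    if not in_domain(sender_domain, TRUSTED_SENDER):
        findings.append("teams-lure-non-microsoft-sender")
    hosts = {urlparse(u).hostname for u in URL_RE.findall(text)}
    if any(in_domain(h, REPORTED_LINK_HOST) for h in hosts):
        findings.append("link-to-campaign-archive")
    return findings

# Constructed sample messages (not taken from the campaign).
LURE = (
    "From: Teams <notify@mail.example.net>\n"
    "Subject: You have a new message\n\n"
    "You have unread messages in Microsoft Teams.\n"
    "https://campaign-archive.com/constructed-sample\n"
)
LOOKALIKE = LURE.replace("mail.example.net", "microsoft.com.example.net")
GENUINE = (
    "From: Microsoft Teams <noreply@email.teams.microsoft.com>\n"
    "Subject: Alex sent a message\n\n"
    "Microsoft Teams: reply at https://teams.microsoft.com/\n"
)

if __name__ == "__main__":
    for name, raw in (("lure", LURE), ("lookalike", LOOKALIKE), ("genuine", GENUINE)):
        print(name, triage(raw))
```

The sender check compares the From header only; in production it should be combined with SPF, DKIM and DMARC results, since the From header alone can be forged.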