September 09, 2020
IT Networks recently received a fake Microsoft Teams invitation to join a “Collaborative Team” … from IT Networks! Needless to say we did not set up or invite ourselves to join that Team however this scam may work in a larger organisation or somewhere just starting to make use of Teams.
Fake Microsoft Teams Invitation
The Invitation may appear to come from within your organisation as an attempt to get your staff to click on the “Accept” button which then re-directs them to a web page outside your organisation. This is a phishing attack to trick your staff into signing in with their username and password.
Warning Signs this is a hoax/scam:
- Poor punctuation where it doesn’t belong
- Company name incorrect (We are “IT Networks”)
- Hovering over the “Accept” button shows a link to an external site, in our case: http://column.kurasiku.jp
One way to reduce the risk of your staff being tricked is to add a warning or label to external email. This might be enough to alert users that all is not what it seems.
Ensuring multi-factor authentication is enabled for all users will prevent any external access to your data if someone does fall for the scam and give up their login details.