Microsoft Teams is being hacked to crack Office 365 accounts - here's how to stay safe

Sead Fadilpašić

May 17, 2023 at 7:31 AM·2 min read

Researchers have discovered more ways to abuse Microsoft Teams to steal Office 365 user credentials by spreading malware, a new report has claimed.

New Proofpoint findings have claimed hackers can abuse the Tabs feature, used to synchronize between Microsoft Teams and Calendar, and the Teams API, to deliver droppers, or phishing pages, to unsuspecting victims.

The Tabs feature providers Teams users with quick access to different tools, such as OneDrive. As the default tabs can’t be moved around, users can get used to different ones and use them without second-guessing their benign nature. However, there is a way to move the default tabs, which cybercriminals could use to swap the legitimate ones with malicious ones. In one such example, Proofpoint says, a “Website” tab could point towards a malicious landing page where victims could end up giving away their Office 365 credentials.

Abusing meetings

The Website tab can also be changed to point to a file, which would get automatically downloaded on click. Cybercriminals could abuse this functionality to deliver droppers, the researchers said.

Microsoft Teams meeting invites can also be weaponized - when a member creates an online meeting, the platform generates multiple links and sends to the invitees. With the help of Teams API calls, a threat actor would be able to swap the legitimate links for malicious ones.

> This brutal hacking tool could steal virtually all of your logins

> Best authenticator apps today: add an extra layer of online security

> These are the best ID theft protection solutions right now

Crooks can also go for a different approach, using Teams API or user interface to weaponize existing links in sent messages. In this scenario, the hyperlink that the victims receive wouldn’t change, just the URL behind it, making discovery even more difficult.

While the researchers are warning that these methods are dangerous, they stressed that in order to be effective, the attackers need to obtain a Teams account beforehand.

These are the best firewalls right now

SportsYahoo Sports
WNBA Draft winners and losers: As you may have guessed, the Fever did pretty well. The Liberty? Perhaps not
Here are five franchises who stood out, for better or for worse.
2d ago
SportsYahoo Sports
Indianapolis Star columnist Gregg Doyel apologizes after awkward, uncomfortable interaction with Caitlin Clark
Gregg Doyel flashed a heart sign at Caitlin Clark at her introductory press conference on Wednesday afternoon to kick off an incredibly strange back-and-forth.
10h ago
SportsYahoo Sports
Nike responds to backlash over Team USA track kits, notes athletes can wear shorts
The new female track uniform looked noticeably skimpy at the bottom in one picture, which social media seized upon.
4d ago
SportsYahoo Sports
Boban Marjanović hilariously misses free throws on purpose to give Clippers fans free chicken
Boban Marjanović is a man of the people.
3d ago
SportsYahoo Sports
2024 Masters payouts: How much did Scottie Scheffler earn for his win at Augusta National?
The Masters has a record $20 million purse this year.
3d ago
SportsYahoo Sports
UFC 300: 'We're probably gonna get sued' after Arman Tsarukyan appeared to punch fan during walkout
'We'll deal with that Monday,' Dana White said about Arman Tsarukyan appearing to punch a fan during his UFC 300 walkout.
4d ago
SportsYahoo Sports
Rob Gronkowski's first pitch before the Red Sox's Patriots' Day game was typical Gronk
Never change, Gronk.
3d ago
SportsYahoo Sports
76ers' statue for Allen Iverson draws jokes, outrage due to misunderstanding: 'That was disrespectful'
Iverson didn't get a life-size statue. Charles Barkley and Wilt Chamberlain didn't either.
5d ago
EntertainmentYahoo Movies
'Sasquatch Sunset' is so relentlessly gross that people are walking out of screenings. Star Jesse Eisenberg says the film was a ‘labor of love.’
“There are so many movies made for people who like typical things. This is not that," the film's star told Yahoo Entertainment.
6d ago
SportsYahoo Sports
MLB Power Rankings: Braves, Yankees surge to the top, followed by Dodgers, Orioles, Brewers
Let's identify one player exceeding expectations for each team through the first few weeks of 2024.
2d ago

News

Life

Entertainment

Finance

Sports

New on Yahoo

Microsoft Teams is being hacked to crack Office 365 accounts - here's how to stay safe

Abusing meetings

Recommended Stories

WNBA Draft winners and losers: As you may have guessed, the Fever did pretty well. The Liberty? Perhaps not

Indianapolis Star columnist Gregg Doyel apologizes after awkward, uncomfortable interaction with Caitlin Clark

Nike responds to backlash over Team USA track kits, notes athletes can wear shorts

Boban Marjanović hilariously misses free throws on purpose to give Clippers fans free chicken

2024 Masters payouts: How much did Scottie Scheffler earn for his win at Augusta National?

UFC 300: 'We're probably gonna get sued' after Arman Tsarukyan appeared to punch fan during walkout

Rob Gronkowski's first pitch before the Red Sox's Patriots' Day game was typical Gronk

76ers' statue for Allen Iverson draws jokes, outrage due to misunderstanding: 'That was disrespectful'

'Sasquatch Sunset' is so relentlessly gross that people are walking out of screenings. Star Jesse Eisenberg says the film was a ‘labor of love.’

MLB Power Rankings: Braves, Yankees surge to the top, followed by Dodgers, Orioles, Brewers