Skip to McMaster Navigation Skip to Site Navigation Skip to main content
McMaster logo

Office of the AVP & CTO

INFORMATION TECHNOLOGY SECURITY

Social Engineering over Teams

The Canadian Centre for Cyber Security and Microsoft are advising for heightened awareness pertaining to social engineering attacks over Microsoft Teams.

If you receive messages over Microsoft Teams to provide your Multifactor Authentication (MFA) code/number or chat requests from unfamiliar users (e.g. external users masquerading as a technical support or security team), please report Microsoft Teams phishing immediately to is-spam@mcmaster.ca

 

As shown in the screenshots above, the attackers posed as “Microsoft Identity Protection” as an external user masquerading as a technical support or security team.

“McMaster will never ask for your Multifactor Authentication (MFA) code/number.”

(Screenshot of fraud Microsoft Teams chats requested from a Midnight Blizzard-controlled account Source: Microsoft.com)

 

 

Help us keep your account secure We detected a recent change applied to your preferred Multi-Factor Authentication (MFA) methods. For your security and to ensure only you have access to your account, we will ask you to verify your identity. Open you Authenticator app and enter the number: 81

“McMaster will never ask for your Multifactor Authentication (MFA) code/number.”

(Screenshot of fraud Microsoft Teams prompt with a code and instructions. Source: Microsoft.com)

 

More information and details are available on the Microsoft website: https://www.microsoft.com/en-us/security/blog/2023/08/02/midnight-blizzard-conducts-targeted-social-engineering-over-microsoft-teams/

 

 Phish Bowl