Social Engineering over Teams

Posted on August 3, 2023

The Canadian Centre for Cyber Security and Microsoft are advising for heightened awareness pertaining to social engineering attacks over Microsoft Teams.

If you receive messages over Microsoft Teams to provide your Multifactor Authentication (MFA) code/number or chat requests from unfamiliar users (e.g. external users masquerading as a technical support or security team), please report Microsoft Teams phishing immediately to is-spam@mcmaster.ca

As shown in the screenshots above, the attackers posed as “Microsoft Identity Protection” as an external user masquerading as a technical support or security team.

“McMaster will never ask for your Multifactor Authentication (MFA) code/number.”

(Screenshot of fraud Microsoft Teams chats requested from a Midnight Blizzard-controlled account Source: Microsoft.com)

Help us keep your account secure We detected a recent change applied to your preferred Multi-Factor Authentication (MFA) methods. For your security and to ensure only you have access to your account, we will ask you to verify your identity. Open you Authenticator app and enter the number: 81

“McMaster will never ask for your Multifactor Authentication (MFA) code/number.”

(Screenshot of fraud Microsoft Teams prompt with a code and instructions. Source: Microsoft.com)

More information and details are available on the Microsoft website: https://www.microsoft.com/en-us/security/blog/2023/08/02/midnight-blizzard-conducts-targeted-social-engineering-over-microsoft-teams/

Phish Bowl

Office of the AVP & CTO

INFORMATION TECHNOLOGY SECURITY

Social Engineering over Teams

Phishing Text Scam: Notice of Toll Evasion

Phishing Email Scam: Zoom Meeting Invite

Phishing Email Scam: Private Donation

Policies

Support & Contact

Accessibility

Social Engineering over Teams

Related News

News Listing

Phishing Text Scam: Notice of Toll Evasion

Phishing Email Scam: Zoom Meeting Invite

Phishing Email Scam: Private Donation