Watch out for fake support calls in Microsoft Teams

Summary

A new campaign is targeting Microsoft Teams users by sending emails with survey invitations. Upon opening an attached PDF, users receive a fake Microsoft Support call that tricks them into installing a remote access tool and the EtherRAT Trojan, allowing scammers to steal sensitive data.

IFF Assessment

FOE

This campaign facilitates the theft of sensitive data and installation of malware, directly harming users and organizations.

Defender Context

This incident highlights a common social engineering tactic leveraging popular communication platforms like Microsoft Teams. Defenders should educate users about the risks of unsolicited survey requests and unexpected support calls, emphasizing the importance of verifying caller identity and never granting remote access or installing software based on such requests. Organizations should also consider implementing stricter controls or monitoring for suspicious activity within their Teams environments.

Read Full Story →