Watch out for fake support calls in Microsoft Teams
Summary
A new campaign is targeting Microsoft Teams users by sending emails with survey invitations. Upon opening an attached PDF, users receive a fake Microsoft Support call that tricks them into installing a remote access tool and the EtherRAT Trojan, allowing scammers to steal sensitive data.
IFF Assessment
This campaign facilitates the theft of sensitive data and installation of malware, directly harming users and organizations.
Defender Context
This incident highlights a common social engineering tactic leveraging popular communication platforms like Microsoft Teams. Defenders should educate users about the risks of unsolicited survey requests and unexpected support calls, emphasizing the importance of verifying caller identity and never granting remote access or installing software based on such requests. Organizations should also consider implementing stricter controls or monitoring for suspicious activity within their Teams environments.