While it is a known fact that phishing, business email compromise, and collaboration-tool based attacks are becoming more and more prevalent, it is even more interesting to see all three trends within one attack. In the attack described below, we see BEC, Spear Phishing & Collaboration Examples and how the attacker combines common impersonation techniques with the growing adoption of collaboration tools across all enterprises.
Perception Point intercepted a Microsoft phishing attempt which was also concealed by spoofing, which is a BEC-oriented attack. The spoofed address and the cover email were related to Microsoft Teams, a workstream collaboration app from Microsoft.
The email was first sent from a fake customer address. The attacker changed the display name, hoping the victim will not identify the email as a phishing attack.
When the end user clicks the “Reply in Teams” link, it connects him to a Microsoft phishing site.
Although the trigger is an MS Teams URL since Teams is part of the complete Office 365 suite, a regular Microsoft phishing site is enough to mislead the user.
Perception Point’s multi-layer detection technology detected these spear phishing examples with two different engines. First, our BEC engines identified the attempt to spoof the domain name. Second, our image recognition engine detected the attempt to steal the credentials of the end-user.
Recommendations
(1) Remember that collaboration tools can be also leveraged against your organization. Educate users to remain just as vigilant when communicating within collaboration channels as they are with email.
(2) Make sure passwords are regularly changed.
(3) Implement prevention solutions to ensure the phishing attack is stopped before it even gets in front of your employees.
