Up to 50,000 Office 365 / Microsoft 365 users are being targeted by a phishing attack. The phishing attack pretends to notify them of a “missed chat” from Microsoft Teams.
The email then prompts a response by clicking on the button in the email, which leads to the attackers webpage.
The webpage, which looks similar to the Microsoft login page then requests the users login details. If provided these login details are then passed straight to the attackers which they can use to take over the account, steal files / emails and any other sensitive data that can be accessed by the account.
A reminder on how to spot phishing emails can be found in one of our earlier posts here Spot suspicious emails
There is also some free training from the NCSC which can help staff to keep safe, click here
For further details about the attack and an image of a sample email click here
Concerned about the security of your systems and would like more help?