The demise of Skype and people switching to Microsoft Teams is producing a new wave of socially-engineered malicious activity using spoofed email meeting requests, some with attachments.
Now that Skype has been retired by Microsoft, people who once used the voice and video platform for meetings have been told to switch to Microsoft Teams. So instead of seeing a message notification in Skype, it is now much more common to see a calendar notification email in your inbox, with time blocked out tentatively on your calendar. Because meetings often come with supporting material, attachments and links are also quite typical.
Both this increased frequency post-Skype and the normality of having attachments for meetings make meeting requests an ideal vector for malicious activity, something that is being exploited as the switchover from Skype happens.
Because these attacks start from your inbox, they also lend themselves to spoofing. In the attack highlighted in this post, the Meeting Request email is from 'Microsoft Billing Support'. The subject line is 'Action Required: We couldn't process your Microsoft subscription'. 'Action required' emails and others calling for an urgent response are a common approach used by malicious actors. They usually ask you to do something, like clicking on a link or opening an attachment that ostensibly 'verifies' why you need to take action.
Examining the Microsoft Billing Support email, it is apparent that it is from a compromised domain and not from Microsoft. But if you had gone to your calendar, you'd have seen the spoofed email, not the actual email address. And for those of you who report these types of domains, you'll see the Deceptive site ahead warning as shown in the header of this article. In this instance, it was from the site s4.tsacademyplus.co.im/.
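The mismatch described above, between a Microsoft-branded sender name and a non-Microsoft sending domain, can be checked mechanically on the raw message. This is an added example, not code from the original post; the trusted-domain list, the urgency phrases and the sample message (including its `.example` addresses and attachment name) are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: domains this organisation accepts for Microsoft-branded mail.
TRUSTED_DOMAINS = ("microsoft.com",)
URGENCY = re.compile(r"action required|urgent|immediately|couldn't process", re.I)

# Constructed sample modelled on the email described above (placeholder values).
SAMPLE = """\
From: Microsoft Billing Support <billing@compromised.example>
Subject: Action Required: We couldn't process your Microsoft subscription
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/calendar; method=REQUEST; charset="utf-8"

BEGIN:VCALENDAR
METHOD:REQUEST
END:VCALENDAR
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="details.bin"

placeholder
--b1--
"""

def domain_trusted(domain, trusted=TRUSTED_DOMAINS):
    """True only for a trusted domain or a real subdomain of one."""
    domain = domain.lower().rstrip(".")
    return any(domain == d or domain.endswith("." + d) for d in trusted)

def triage_invite(raw):
    """Return the spoofing signals found in one raw RFC 5322 message."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    parts = list(msg.walk())
    signals = {
        "is_invite": any(p.get_content_type() == "text/calendar" for p in parts),
        "brand_mismatch": "microsoft" in display.lower()
        and not domain_trusted(addr.rpartition("@")[2]),
        "urgent_subject": bool(URGENCY.search(msg.get("Subject", ""))),
        "has_attachment": any(p.get_filename() for p in parts),
    }
    signals["suspicious"] = signals["brand_mismatch"] or (
        signals["is_invite"] and signals["urgent_subject"])
    return signals

if __name__ == "__main__": print(triage_invite(SAMPLE))
```

The `brand_mismatch` signal only compares the display name with the `From` domain; it does not replace SPF, DKIM and DMARC evaluation by the mail gateway.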
What to do:
If you are checking either your inbox or calendar and see a new calendar meeting request from someone you don't recognise, be wary. But perhaps even more insidiously, the most common instances of compromised systems come from socially engineered emails - these are emails that you 'recognise', so you let your guard down. Be doubly aware of meeting requests that you didn't initiate, agree to, weren't expecting, or where the meeting is about something that could be resolved in some other way - a quick text, message, or email. As with standard online good hygiene, be particularly aware of attachments. When you get an unexpected Microsoft Teams Meeting email, switch your default reaction to sceptical and treat it as malware. If it's from a vendor with which you have dealings, check on their site first, or follow up via a different method to validate the request without clicking.
If it's from a stranger or an unknown source, my recommendation would be to mark the email as junk.
Take care with Microsoft Teams Invites so that you don't get a nasty surprise.