The Record reported:
Russian cybercriminals are adopting a scam in which they pose as tech support on Microsoft Teams to convince victims they have an IT issue before tricking employees into allowing them to install ransomware on the targets’ computer networks.
In a couple of cases the Teams communication was a voice call, “in others it’s been a video call,” said Gallagher, but the victims themselves weren’t paying particular attention to who was calling or where from, mostly believing that the calls were from a legitimate outsourced support provider.
Alongside these social engineering approaches, the fake support staff were also sending text messages on the Teams chat function, often including links to things that the adversary would use one they tricked the victim into providing them with remote control — often using Microsoft’s own tools, either QuickAssist (for the Storm-1811 crew) or directly through Teams screen share (for the group with links to FIN7).
In a couple of cases the Teams communication was a voice call, “in others it’s been a video call,” said Gallagher, but the victims themselves weren’t paying particular attention to who was calling or where from, mostly believing that the calls were from a legitimate outsourced support provider.
Alongside these social engineering approaches, the fake support staff were also sending text messages on the Teams chat function, often including links to things that the adversary would use one they tricked the victim into providing them with remote control — often using Microsoft’s own tools, either QuickAssist (for the Storm-1811 crew) or directly through Teams screen share (for the group with links to FIN7).
Find the original article with tips of what to do here.
Enroll in Training Sessions: Last Thursday of Every Month is Training on Frauds and New Scam Alerts and How to Combat
Enroll in Training Sessions: Last Thursday of Every Month is Training on Frauds and New Scam Alerts and How to Combat