Abnormal Security researchers stated, “Should the recipient fall victim to this attack, this user’s credentials would be compromised. Additionally, since Microsoft Teams is linked to Microsoft Office 365, the attacker may have access to other information available with the user’s Microsoft credentials via single-sign on.”
Microsoft Teams Phishing Attack: What Does This Mean for Healthcare Users
Microsoft Teams is a HIPAA compliant platform, and as such it is permitted to be used by healthcare organizations. Since the Microsoft Teams phishing attack was so widespread, it is likely that some of their healthcare users were targeted. Should a user from a healthcare organization fall victim to the phishing attack, hackers would be able to access the users network. This could potentially compromise the organization’s protected health information (PHI).
With hackers becoming more sophisticated in perpetrating phishing attacks, it has become more difficult to recognize a phishing email. The Microsoft Teams phishing attack points to the need for robust employee training.