Phishing for Microsoft


A new phishing attack that mimics Microsoft Teams has just been discovered. The campaign targets victims who need to access payroll data through the platform.

The attack is hosted on a landing page that imitates Microsoft and redirects users to another page once the button is clicked.

The fraudulent landing page resembles a legitimate Microsoft Teams login page and prompts users to enter their login credentials to access payroll data.

Once the credentials are entered, the phishing site captures them so the attacker can compromise the victim’s account. Even though the credentials are correct, an “invalid login credentials” alert pops up. By that point, the data has already been stolen.

Acreto Solution


Ecosystems deliver a dedicated security infrastructure that can be deployed per application, use-case, project or third-party. An Ecosystem inherently limits access only to users, devices, systems and applications that need to interoperate together.

Ecosystems support any technology, on any network, anywhere in the world. These include computers, mobile devices, IoTs, Offices, Clouds, SaaS and Data Centers.

Eliminate the Internet Attack Surface

Ecosystems eliminate any and all access from the Internet, while Ecosystem members can still interoperate with authorized systems and applications.

Eliminate the Internal Attack Surface

Ecosystems can easily isolate individual or groups of systems on a shared network or entire networks, to limit access only to systems that need to interoperate together.

Access Control

Acreto’s access controls authorize access to the Ecosystem based on a user’s identity, including MFA. With MFA, even if a user’s credentials are compromised, the attacker will not be able to access the target resource without the additional authentication factor.

Threat Prevention

After verification of the network protocol, port, application protocol and application program, a deep inspection is performed on all communications. The effectiveness of this method is amplified by inline Encrypted Secure Scan. Threat prevention capabilities utilize two key methods:

  • Threat Signature: Identifies and mitigates known bad exploits, malware, botnets and ransomware.
  • Zero-Day Behavioral Analysis: Looks for behavioral indications of threats based on how the system functions react to the payload, immediately and over time.


Technical Data

  • The phishing page first checks whether the visitor is a human, to prevent security scanners from identifying the phishing page.
  • The phishing attack is hosted on a landing page at payroll-microsoft365-access-panel-2023[.]softr[.]app/ which redirects to azaleastays[.]com/devr365web2023/
  • The fake landing page gives the user an “invalid credentials” warning after victims provide all of their legitimate login details. In this step, the attacker has successfully stolen the credentials.
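
The chain described above (a Microsoft-branded hostname on a third-party app-hosting domain that hands the user to an unrelated site) can be searched for in web proxy logs. The following is an added example, not Acreto's code; the log format, brand tokens, allowlist and function names are assumptions, and the log lines are constructed with the indicators left defanged.

```python
from urllib.parse import urlsplit

# Assumption: illustrative brand tokens and a partial allowlist; tune both locally.
BRAND_TOKENS = ("microsoft", "office365", "teams")
BRAND_OWNED = {"microsoft.com", "microsoftonline.com", "office.com", "live.com"}

def site(host):
    """Naive registrable domain: last two labels (no public-suffix handling)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def host_of(url):
    """Hostname of a URL, after undoing the [.] defanging used above."""
    url = url.replace("[.]", ".")
    if "://" not in url:
        url = "https://" + url
    return (urlsplit(url).hostname or "").lower()

def is_brand_lookalike(host):
    """Brand token in the hostname, but the site is not brand-owned."""
    return site(host) not in BRAND_OWNED and any(t in host for t in BRAND_TOKENS)

def find_lure_redirects(log_lines):
    """Return (user, lure_host, next_host) for each request that a lookalike
    page referred to a different site."""
    hits = []
    for line in log_lines:
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines
        _ts, user, url, referer = parts
        if referer == "-":
            continue  # direct visit, no referring page
        src, dst = host_of(referer), host_of(url)
        if is_brand_lookalike(src) and site(src) != site(dst):
            hits.append((user, src, dst))
    return hits

# Constructed proxy log lines (timestamp user url referer); indicators kept defanged.
SAMPLE_LOG = [
    "2023-05-02T09:14:03Z alice https://payroll-microsoft365-access-panel-2023[.]softr[.]app/ -",
    "2023-05-02T09:14:09Z alice https://azaleastays[.]com/devr365web2023/ https://payroll-microsoft365-access-panel-2023[.]softr[.]app/",
    "2023-05-02T09:20:41Z bob https://login.microsoftonline.com/common/oauth2/authorize https://teams.microsoft.com/",
]

if __name__ == "__main__":
    for hit in find_lure_redirects(SAMPLE_LOG):
        print("suspicious redirect:", hit)
```

The check relies on the proxy recording the Referer header, and the two-label domain split misjudges suffixes such as co.uk, so a public-suffix-aware parser is the better choice in production.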


About Acreto

Acreto delivers full-stack cybersecurity without products, logistics or significant security expertise. It creates and consolidates the best of cybersecurity into a single plug-and-play platform with automated updates to stay ahead of threats. Acreto activates enterprise-grade security instantly, so organizations can run safely, easily, and without interruption.

About The Author: Acreto Threat Labs
