Skype and Teams “Notification” Emails are Probably Fraudulent

Since so many people are now working from home, there have been persistent attempts to phish credentials from user of Skype (and other services, like Slack, Zoom, WebEx, or even just email) across the Internet. Since Berry uses Microsoft Office365, Skype for Business is part of our licensed portfolio of apps. If you use Skype, be wary of emails informing you of pending Skype notifications.

The email is well crafted and attempts to convince you to click on a “Review” button to see your notifications. With mostly accurate colors and fonts, it looks like any other notification you might receive from Microsoft. It may also even have the Berry logo at the bottom of the email.

If you click on the “Review” button, you will be presented with a login screen that appears to be secure, but it is not hosted on a Microsoft site. The last part of the domain it is hosted on is “.app”, which is a Google managed domain.

In general, do not click on links in notification messages (or any other email messages). Simply log in to the web site or service, and if you do have messages, they will be there.

UPDATE (5/4/2020): Since Skype for Business is being replaced by Teams, the phishing emails now purport to be notification from Teams.

If you haven’t signed up for multi-factor authentication (MFA), what are you waiting for? This adds an additional layer of protection to your Berry account and lets you keep the same password for a whole year! Setup take only a few minutes. Make your request by emailing computing@berry.edu to tell them you want MFA!

If you’re not following Berry OIT on Facebook (@BerryCollegeOIT), Twitter (@berryoit), or Instagram (@berrycollegeoit), you should be, as more information from OIT and specifically Information Security, will be provided using these outlets. Remember you can always check back here for warnings about current phishing emails, confirmations of valid emails you might have a question about, and data breach notifications. There’s also the Q&A section, where you can ask a question and get an answer directly from me, and the events calendar where events like tables in Krannert and LunchITS will be posted (whenever we get to do that again!).

 

(Visited 2 times, 1 visits today)