Close this search box.

Beware of Phishing Attacks via Microsoft Teams

Avatar photo

Microsoft Teams Phishing Attempts

Unfortunately, researchers at AT&T Cybersecurity recently uncovered a concerning trend: attackers are leveraging Microsoft Teams, a widely used communication platform, to execute phishing attacks. While many users are familiar with traditional phishing via email, the risk within Microsoft Teams chats is often overlooked.

Moreover, according to KnowBe4, by default, Teams allows External Access. This setting enables users to add individuals from outside their organization to chats. This feature, while convenient for collaboration, has become a new avenue for malicious actors to exploit untrained or unaware users.

In a recent incident observed by AT&T Cybersecurity, attackers utilized a compromised “.onmicrosoft[.]com” domain to send seemingly legitimate messages containing malicious files. These files were disguised as innocuous PDFs. However, they were actually designed to install DarkGate malware when opened, posing a significant threat to unsuspecting users.

Protecting Yourself Against Microsoft Teams Phishing Attacks

To mitigate the risk of falling victim to phishing attacks via Microsoft Teams, it’s crucial to take proactive measures to enhance your cybersecurity posture. Here are actionable steps you can implement:

Security Awareness Training

Firstly, educate yourself and your team about the latest phishing tactics, including those targeting Teams. Invest in security awareness training programs to equip employees with the knowledge and skills to recognize and avoid social engineering tactics.

Verify Sender Identity on Microsoft Teams

Before interacting with any message or file received via Teams, verify the sender’s identity and scrutinize the content for any signs of suspicious activity. Pay attention to email addresses, domain names, and file extensions to identify potential phishing attempts. A good rule of thumb is if you don’t know it, don’t click it.

Exercise Caution with External Access

In addition, be cautious when enabling External Access in Microsoft Teams, and consider restricting this feature to trusted contacts only. Regularly review and manage external guest access permissions to minimize the risk of unauthorized individuals infiltrating your organization’s communications.

Implement Multi-Factor Authentication (MFA)

Also, strengthen authentication measures by implementing multi-factor authentication across all user accounts within your organization. MFA adds an extra layer of security by requiring users to verify their identity using multiple methods, such as a password and a verification code sent to their mobile device.

Keep Microsoft Teams Software Updated

Finally, regularly update Teams and all related software to ensure you have the latest security patches and enhancements. Patch management plays a crucial role in protecting against known vulnerabilities exploited by attackers.


By staying vigilant and implementing these proactive measures, you can reduce the likelihood of falling victim to phishing attacks via Microsoft Teams. Remember, cybersecurity is a shared responsibility, and every individual plays a crucial role in safeguarding sensitive information and preventing unauthorized access. Stay aware, stay protected, stay resilient.

New Resources In Your Inbox

Get our latest cybersecurity resources, content, tips and trends.

Other resources that might be of interest to you.

Airiam Partners with UnderDefense to Set a New Benchmark for Cyber Resilience

[March 28, 2024] – Airiam, a leader in cybersecurity and resilience solutions has today announced its partnership with an innovative Managed Detection and Response (MDR) provider, UnderDefense, to set a new benchmark for cyber resilience in businesses.
Vivian Lee
>>Read More

How to Recover From a Ransomware Attack with Immutable Backups

Ransomware attacks have been on the rise over the last decade, and businesses have failed to find a one-size-fits-all approach to eliminating the threat. Prevention is better than cure, but with criminal hackers are tenacious and flexibility, it’s not
Jesse Sumrak
>>Read More

Airiam Ransomware Recovery Guarantee

The Scourge of Ransomware In recent years, ransomware attacks have become a growing threat to businesses of all sizes. A ransomware attack is a type of cyberattack in which the attacker encrypts the victim’s data and demands a ransom payment in order t
Avatar photo
Bill Bowman
>>Read More