If there’s one company that has been targeted by fraudsters more than any other, it’s Microsoft. From customer support scams to impersonation and phishing attacks, the company’s services are constantly under threat. Recently, even Russian-sponsored hackers have been able to breach Microsoft and steal sensitive information.
Microsoft’s services as a whole are a major target, but the one that stands out is Teams. This collaboration tool is used by over 300 million people worldwide, making it a goldmine for attackers. Hackers use it to spread phishing, vishing, and quishing campaigns and rely on social engineering tactics to trick victims into sharing private, sensitive data.
Rising attacks against users of Microsoft Teams
Cybercriminals are increasingly targeting Microsoft Teams users with sophisticated attack methods. One such technique involves malicious GIF images that exploit worm-like vulnerabilities, allowing attackers to take over accounts and infiltrate chat sessions when the image is opened.
Hackers also insert malware-laden files into chat threads, tricking users into downloading DLL files that enable system takeover. Phishing campaigns leverage compromised accounts or domains to send deceptive invitations, encouraging victims to download harmful files.
Some attackers use email bombing and vishing, posing as technical support and overwhelming users with spam email before tricking them into granting remote access. Compromised email addresses and stolen Microsoft 365 credentials provide another entry point for unauthorized access.
Additionally, the external access settings in Microsoft Teams, which often allow outside users to start chats and meetings, can be exploited if they are not properly restricted. Another common tactic is to send phishing links through Teams chats, often disguised as invoices or payment notifications, leading to ransomware infections.


Beware of fake jobs too
Scammers have been running fake job schemes for a while, but their tactics continue to evolve. Recently I reported how fake job emails are being used to install crypto mining software that slows down your computer. Now they are using Microsoft Teams chat to trick people.
It usually starts with an email about a job, followed by a suggestion to conduct the interview over Teams. The first red flag is that the entire interview takes place in chat, with no video or phone call. After that, you are “hired” and asked to submit your details through a Google Doc, which often requests personal information such as your Social Security or tax number. Some victims are asked to purchase equipment for the job, pay a hiring fee, or buy gift cards. These are classic signs that the whole thing is a scam.


Six ways to stay safe from scammers targeting Microsoft Teams
1) Avoid opening suspicious links or attachments: Beware of unsolicited links and attachments, especially in chat messages and emails. Cybercriminals often use these to deliver malware or phishing links. Do not click on any links that seem unusual or come from unknown sources.
The best way to protect yourself from malicious links that install malware, which may then access your personal information, is to have antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.
2) Check for red flags in job offers: If you receive a job offer that seems too good to be true, or if the interview is conducted entirely via chat with no phone call or video conference, it may be fraudulent. Legitimate companies typically use multiple forms of communication to conduct interviews.
A job that insists on text-only conversations is a major red flag. Other warning signs include requests to provide personal information through Google Docs, requests to pay for equipment, payments to secure the job, or gift card purchases as part of the hiring process.
3) Use strong, unique passwords: Make sure your Microsoft 365 and other accounts are protected with strong passwords. Consider using two-factor authentication to add an additional layer of protection against unauthorized access. It is also recommended to use a password manager to generate and store complex passwords.
4) Be careful with personal information: Never share sensitive personal information such as Social Security numbers or tax information through unsecured or unsolicited channels such as Google Docs and Teams messages. Always verify the legitimacy of such requests.
5) Report suspicious activity: If you notice suspicious activity on your Microsoft Teams account or receive an unusual job offer, report it immediately. Quick action can prevent potential breaches and further compromise. Notify your IT department or the relevant authorities so they can investigate and take appropriate measures.
6) Verify IT support requests: Beware of unsolicited messages or calls that claim to be from IT support, especially those asking you to install software or grant remote access. Cybercriminals often impersonate IT staff to deploy ransomware and steal sensitive data. Always verify such requests with your actual IT department before taking action. If you are in doubt, do not respond through the message or call you received.
Kurt’s key takeaways
Scammers and hackers aren’t slowing down, so staying sharp is the only way to stay ahead. When something feels off, like a job that seems too good to be true, a random Teams message with a sketchy link, or an interview that is just a chat, trust your instincts. You should always be cautious about external messages and invites you receive in Microsoft Teams. Even if a message seems to come from someone you know, it’s best to double-check, especially if it includes files, links, or chat invitations you didn’t expect to receive.
Should Microsoft do more to prevent Teams phishing and impersonation scams? Let us know by writing to cyberguy.com/contact.
Copyright 2025 cyberguy.com. Unauthorized reproduction is prohibited.