Cyber Security

Phishing with Microsoft Teams

Criminals try to carry out phishing attacks via fake links and malicious attachments in Teams chats.

Frank von Stetten · 19.02.2025

Many people think of phishing only in terms of email. In fact, phishing is about getting victims to click on a link or open a file containing malicious code, regardless of the app. So phishing also works in text messages and chats. And criminals have now discovered Microsoft Teams as a channel.

In Teams, you can be contacted by external people in chat, which is definitely beneficial for communicating with customers and suppliers. However, attackers are now increasingly using this function for phishing attacks. To do this, they register with Microsoft Teams under a fake name. They then research information in social networks and write to their victims via Teams in a very targeted manner, as a supposed supplier, customer or very often as a recruiter.

Sending malicious files in Teams


In principle, Microsoft has disabled the "send files via chat" feature for external communication partners. But only in principle: security researchers have found a way to reactivate this function after all. This means that criminals could also send malicious files to their victims via Teams. "I have an incredible job offer for you, it's a perfect fit, let me send you more info in a file." This is exactly how more than one ransomware encryption has started.

Microsoft has acknowledged the vulnerability with a shrug and has not commented on whether it will be closed in the near future.

Beware of unknown externals in Teams!

Please be particularly vigilant if external third parties send you a link or even a file in a chat, even, and especially, if the person is talking to you on the phone at that very moment. The attackers build up a plausible story through research, call their victims, sometimes even with video, engage them in a friendly conversation and then send the link or the file in passing. In such a situation, the victims do not even think about a possible attack and therefore do not pay attention to possible indicators. And that's exactly what the criminals are counting on.

At least Teams clearly marks external persons with an "External" label after their name. This makes it very easy to detect attacks in which the attacker is posing as an internal colleague.

Matching IS-FOX trainings

We cover the topic of phishing with Microsoft Teams in two of our cyber security e-learning nuggets:

  • Secure use of Microsoft Teams: this chapter contains many more valuable tips on secure use of Teams in group meetings and when sharing files.
  • Phishing - Next Level: the ideal extension for those who already have years of phishing training under their belt. Here we unmask the really sophisticated attacks, such as those using Teams with a simultaneous call.

As always, you can find these chapters in our demo area.

 
