Home / Technology / Hackers Use Teams Guest Invites for Fraud
Hackers Use Teams Guest Invites for Fraud
29 Jan
Summary
- Attackers exploit Microsoft Teams guest invites for scams.
- Obfuscated team names bypass detection and trick users.
- Scammers use fraudulent calls to steal credentials.
Cybercriminals have adopted a new strategy, exploiting Microsoft Teams' legitimate 'Invite a Guest' feature to distribute scam emails. These attackers meticulously craft finance-themed or urgent billing team names, often employing obfuscation techniques like mixed Unicode characters or visually similar symbols. This clever tactic allows the malicious team names to evade automated detection systems while still appearing normal to unsuspecting users.
Once a deceptive team is established, the attackers utilize the 'Invite a Guest' function to dispatch official-looking Microsoft emails directly to their targets. These messages are designed to appear credible, significantly increasing the likelihood of user engagement. The phishing emails instruct recipients to contact a fraudulent support number concerning supposed subscription or billing issues. During these calls, the perpetrators actively attempt to glean login credentials or other sensitive data that could grant access to corporate email accounts and internal systems.
This sophisticated campaign deviates from conventional phishing methods by deliberately avoiding malicious links or malware attachments. Instead, it relies heavily on social engineering and psychological manipulation to compromise user accounts. The combination of seemingly official Microsoft communication and urgent, finance-related language fosters a heightened sense of trust, rendering standard firewall protections less effective. Consequently, heightened user vigilance is critical in identifying and reporting these subtle red flags, such as unusual formatting or suspicious payment-related information in team invitations.
Research indicates that this attack has impacted organizations across various sectors, including manufacturing, technology, education, and professional services worldwide. While attackers do not appear to target specific industries deliberately, the campaign highlights the broad vulnerability of trusted collaboration platforms. The affected organizations were primarily concentrated in the United States, representing nearly 68% of incidents, followed by Europe (15.8%) and Asia (6.4%). Brazil and Mexico showed the highest activity within Latin America. Vigilance, staff awareness training, and prompt reporting remain essential defenses against this evolving threat.
