How are hackers exploiting Microsoft Teams for scams?

Hackers are creating finance-themed Microsoft Teams with obfuscated names and using the 'Invite a Guest' feature to send official-looking emails that prompt users to call fraudulent support numbers.

What is the main tactic used in this Microsoft Teams scam?

The scam relies on social engineering, using urgent, finance-related language and official-looking Microsoft messages to trick users into calling fraudulent support numbers to steal credentials, rather than using phishing links or malware.

Which countries were most affected by the Microsoft Teams scam?

The United States was most affected, accounting for nearly 68% of incidents, followed by Europe with 15.8% and Asia with 6.4%.

Home / Technology / Hackers Use Teams Guest Invites for Fraud

Hackers Use Teams Guest Invites for Fraud

29 Jan

•

Summary

Attackers exploit Microsoft Teams guest invites for scams.
Obfuscated team names bypass detection and trick users.
Scammers use fraudulent calls to steal credentials.

Hackers Use Teams Guest Invites for Fraud

Cybercriminals have adopted a new strategy, exploiting Microsoft Teams' legitimate 'Invite a Guest' feature to distribute scam emails. These attackers meticulously craft finance-themed or urgent billing team names, often employing obfuscation techniques like mixed Unicode characters or visually similar symbols. This clever tactic allows the malicious team names to evade automated detection systems while still appearing normal to unsuspecting users.

Once a deceptive team is established, the attackers utilize the 'Invite a Guest' function to dispatch official-looking Microsoft emails directly to their targets. These messages are designed to appear credible, significantly increasing the likelihood of user engagement. The phishing emails instruct recipients to contact a fraudulent support number concerning supposed subscription or billing issues. During these calls, the perpetrators actively attempt to glean login credentials or other sensitive data that could grant access to corporate email accounts and internal systems.