Microsoft Teams Hijacked to Steal Credentials

A newly uncovered phishing campaign has seen Microsoft Teams hijacked by cybercriminals using the platform’s native guest-invite feature to deploy malicious content under the guise of trusted Microsoft services. Attackers create fake teams with alarming financial references and invite victims via legitimate Teams email addresses, bypassing standard security checks like SPF, DKIM, and DMARC.

One ploy included a team titled “Subscription Auto-Pay Notice” paired with a false invoice and a support number prompting users to call. The campaign leverages vishing tactics, avoiding malicious links entirely. Instead, it uses deceptive text and visual obfuscation to lure victims into calling fake helplines.

Researchers logged nearly 13,000 phishing emails at the attack’s peak, with the majority targeting U.S.-based companies. Manufacturing, IT, and education sectors were hit hardest. The campaign highlights security gaps in collaboration platforms. Organizations are urged to train employees to spot suspicious Teams invites.

Read the full report: https://cybersecuritynews.com/teams-to-deliver-malicious-content/