Microsoft warns that attackers are impersonating corporate helpdesk staff inside Teams to trick employees into handing over network access.
Microsoft is warning enterprise employees that threat actors are increasingly abusing Microsoft Teams to impersonate internal IT helpdesk staff, using the platform's own legitimate features to gain unauthorized access to corporate networks.
The attack arrives as an unsolicited Microsoft Teams chat or call from an account that appears to belong to your company's IT support desk. The display name may read something like "IT Helpdesk" or "Support Team," and the message is crafted to sound urgent and routine at the same time:
Once the target engages, the attacker uses legitimate remote-access or collaboration tools — the kind already trusted by corporate security filters — to move deeper into the network. Because the conversation happens inside Teams itself, employees are far less likely to question its authenticity.
Real-time fraud intelligence and free tools related to this topic
ScamRadar · Blog · Scam Database · About