Cybercriminals are increasingly using Microsoft Teams to trick employees into giving them access to systems, data, or credentials. These scams often look legitimate, and attackers frequently impersonate IT staff or other trusted internal contacts.
How the Scam Works
Attackers may:
- Send unexpected or suspicious messages in Teams, pretending to be IT, HR, management or a coworker
- Claim there is an issue or urgent action needed, such as:
- Account, device, email, or password problems
- Systems configuration or security issues
- Fraudulent Teams meeting invites requesting you to review or approve quotes, product orders, delivery schedules, or other business items
- Pressure you to act quickly, such as "fixing an urgent issue", "verifying your identity", or "preventing account lockout"
- Ask you to open links, download files, or provide login information through fake "verification" pages or malicious documents
- Attempt to gain remote control of your computer by asking you to use remote-support tools such as TeamViewer, AnyDesk, LogMeIn, or QuickAssist
Attackers often make their messages look official, using Microsoft branding, real employee names, or files that appear legitimate. These tactics are designed to lower your guard and gain access to sensitive systems.
How to Protect Yourself
- Be cautious of unsolicited technical help - especially if you didn’t report a problem.
- Verify the sender through an official channel such as the help desk, ishelp@utmb.edu, a known phone extension, or your manager.
- Do not start remote sessions using the applications mentioned above unless you opened a support ticket and are expecting assistance.
- Avoid clicking unexpected links or opening unfamiliar files sent through Teams.
- Report suspicious Teams messages immediately to the Security Operations Center at cirt@utmb.edu.
Takeaway
Microsoft Teams is a powerful collaboration tool, but scammers increasingly try to misuse it. Always verify unexpected messages or requests, especially those asking for quick action. When something doesn’t look right, report it to cirt@utmb.edu.