How hacker gangs abuse Microsoft Teams for social engineering attacks to target companies
Ransomware gangs are exploiting Microsoft Teams' default permissive external access settings to conduct sophisticated social engineering attacks. They flood victims with spam emails, then impersonate IT support via fake Microsoft tenants to trick users into executing malicious PowerShell commands that steal data and compromise systems.
**Share this technique with your employees. The targeted people will not be IT. Consider blocking external Teams access in your admin settings to avoid fake "help desk" accounts. Advise that teams should check back with their IT via a well known channel and never run commands or programs sent via Teams messages from an unknown person, even if they claim to be from IT support.**
#cybersecurity #infosec #scam #phishing #activephishing
https://beyondmachines.net/event_details/how-hacker-gangs-abuse-microsoft-teams-for-social-engineering-attacks-to-target-companies-0-2-h-k-4/gD2P6Ple2L
BeyondMachines :verified:
npub1k0…ufvzu
2025-08-18 12:01:07 UTC
Author Public Key
npub1k0e4qe43k60xwvqduvnhntmw8p3aa8sfrg46pw4ja4jc8gqt3vgqmufvzuSeen on
wss://relay.momostr.pinkPublished at
2025-08-18 12:01:07 UTCEvent JSON
{
"id": "a10623cb599da333f3625c06da7bb3ee5b904a59b3f19d542c0980dd7b504b52",
"pubkey": "b3f35066b1b69e67300de32779af6e3863de9e091a2ba0bab2ed6583a00b8b10",
"created_at": 1755518467,
"kind": 1,
"tags": [
[
"t",
"cybersecurity"
],
[
"t",
"infosec"
],
[
"proxy",
"https://infosec.exchange/@beyondmachines1/115049658282816315",
"web"
],
[
"t",
"phishing"
],
[
"t",
"scam"
],
[
"t",
"activephishing"
],
[
"proxy",
"https://infosec.exchange/users/beyondmachines1/statuses/115049658282816315",
"activitypub"
],
[
"L",
"pink.momostr"
],
[
"l",
"pink.momostr.activitypub:https://infosec.exchange/users/beyondmachines1/statuses/115049658282816315",
"pink.momostr"
],
[
"-"
]
],
"content": "How hacker gangs abuse Microsoft Teams for social engineering attacks to target companies\n\nRansomware gangs are exploiting Microsoft Teams' default permissive external access settings to conduct sophisticated social engineering attacks. They flood victims with spam emails, then impersonate IT support via fake Microsoft tenants to trick users into executing malicious PowerShell commands that steal data and compromise systems.\n\n**Share this technique with your employees. The targeted people will not be IT. Consider blocking external Teams access in your admin settings to avoid fake \"help desk\" accounts. Advise that teams should check back with their IT via a well known channel and never run commands or programs sent via Teams messages from an unknown person, even if they claim to be from IT support.**\n#cybersecurity #infosec #scam #phishing #activephishing\nhttps://beyondmachines.net/event_details/how-hacker-gangs-abuse-microsoft-teams-for-social-engineering-attacks-to-target-companies-0-2-h-k-4/gD2P6Ple2L",
"sig": "bf3b95c9c26f43e0a543ce7497895e79330c7d534608e9d9b7a23b9d746bbdb037a2e37c52fbb87d6be022a40e0a867aae5007ab33c1b6543e4f0b3c14886937"
}