Microsoft Teams Hijacking: A New Wave of Cyber Attacks
Attackers are now exploiting legitimate Microsoft Teams features to trick users into divulging sensitive information, without relying on traditional phishing links. According to research by Check Point, this campaign involves creating finance-themed teams with obfuscated names, which bypass automated detection while still appearing normal to targets.
The attackers use the “Invite a Guest” feature to send official-looking Microsoft emails to targets, making the invitations appear credible and increasing the likelihood of user interaction. The phishing messages instruct recipients to call a fraudulent support number to resolve supposed subscription or billing issues. During these calls, attackers attempt to extract login credentials or sensitive information that can be used to access corporate email accounts.
How the Hijack Leads to Email Access
Once the attackers set up the team, they use social engineering tactics to compromise accounts. The combination of official Microsoft messaging and urgent, finance-related language creates a higher level of trust, so standard firewall protections are less effective unless users stay vigilant. Users should treat any unexpected Teams invitations with caution, especially if the team names include payment amounts, invoices, phone numbers, or unusual formatting.
Obfuscated characters, inconsistent spelling, or large-font displays designed to draw attention serve as strong warning signs. Organizations that use online collaboration tools widely need to ensure staff receive training to recognize these subtle red flags and report suspicious invitations immediately. Malware removal procedures and layered email security can provide additional protection, but human attention remains critical in preventing compromise.
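The warning signs above can also be checked mechanically when team names are available for review. The following is an added example, not code from the research or the original article: a Python heuristic that flags payment amounts, phone numbers, finance keywords, and obfuscated characters in a team name. The keyword list, regular expressions, label names, and sample names are assumptions constructed for illustration.

```python
import re
import unicodedata

# Assumed keyword list reflecting the finance/billing lures described in the article.
FINANCE_WORDS = ("invoice", "payment", "subscription", "billing", "refund")
AMOUNT_RE = re.compile(r"[$€£]\s?\d[\d,]*(?:\.\d{2})?|\b\d[\d,]*\.\d{2}\b", re.I)
PHONE_RE = re.compile(r"(?:\+?\d[\s().-]*){10,15}")  # 10-15 digits with separators
INVISIBLE = {"\u200b", "\u200c", "\u200d", "\u2060", "\ufeff", "\u00ad"}

def fold(name):
    """Strip invisible characters and NFKC-fold so styled letters match keywords."""
    cleaned = "".join(ch for ch in name if ch not in INVISIBLE)
    return unicodedata.normalize("NFKC", cleaned).casefold()

def scripts(name):
    """Scripts used by the letters, taken from the first word of each Unicode name."""
    normalized = unicodedata.normalize("NFKC", name)
    return {unicodedata.name(ch, "UNKNOWN").split(" ")[0]
            for ch in normalized if ch.isalpha()}

def score_team_name(name):
    """Return a sorted list of warning signs found in a Teams team name."""
    signs = set()
    folded = fold(name)
    if any(word in folded for word in FINANCE_WORDS):
        signs.add("finance_keyword")
    if AMOUNT_RE.search(folded):
        signs.add("payment_amount")
    if PHONE_RE.search(folded):
        signs.add("phone_number")
    if any(ch in INVISIBLE for ch in name):
        signs.add("invisible_chars")
    if unicodedata.normalize("NFKC", name) != name:
        signs.add("compat_chars")   # fullwidth, "bold" or other styled look-alikes
    if len(scripts(name)) > 1:
        signs.add("mixed_scripts")  # e.g. Cyrillic letters inside a Latin word
    return sorted(signs)

# Constructed sample names (not taken from the campaign).
SAMPLES = [
    "Weekly Engineering Sync",
    "Subscription Auto-Pay $629.99 - call +1 (808) 555-0142",
    "\uff29nvoice\u200b Due",   # fullwidth I plus a zero-width space
    "Paym\u0435nt Team",        # Cyrillic 'е' replaces Latin 'e'
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(repr(sample), "->", score_team_name(sample))
```

The last sample shows why the script check matters: the look-alike letter defeats the keyword match, so only `mixed_scripts` fires.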
Global Reach and Industry Impact
The attack has targeted organizations across multiple industries, including manufacturing, technology, education, and professional services. Teams users worldwide must maintain heightened awareness to reduce the risk of exposing email accounts or other internal systems. Analysis indicates that the affected organizations were concentrated in the United States, accounting for nearly 68% of incidents. Europe followed with 15.8%, Asia with 6.4%, and smaller shares appeared in Australia, New Zealand, Canada, and LATAM countries.
Within Latin America, Brazil and Mexico experienced the highest activity, together representing over 75% of regional incidents. While the attackers do not appear to target specific sectors deliberately, the campaign demonstrates the scale at which trusted collaboration platforms can be exploited.