As the threat landscape continues to evolve, Managed Service Providers (MSPs) are seeing a new, sophisticated phishing campaign targeting Microsoft Teams users. In a recent Cyber Call, we discussed how attackers are blending spam floods, impersonation tactics, and Teams’ default settings to trick users into installing remote access software like AnyDesk.
Here’s how the attack works: victims are hit with a wave of spam to create confusion. Threat actors, often using LinkedIn or company websites to gather information, then impersonate IT support and initiate Microsoft Teams chats or meetings. Because Teams allows external communication by default, the attacker gains easy access to internal staff. The attacker poses as a helper addressing the “email issue” and convinces the victim to install a remote access tool, which gives the attacker full access to internal systems. From there, the attacker is just a few clicks away from data theft or ransomware.
These attacks are especially effective against high-value individuals like executives, and they thrive on urgency and distraction. The phishing tactics are credible, well-researched, and personalized—making traditional training alone insufficient.
MSPs must take action. First, educate clients about this specific attack pattern. Raise awareness that unsolicited Teams messages—even ones that appear helpful—should be verified through official channels. Next, reinforce security awareness training with real-world scenarios and up-to-date content focused on social engineering tactics.
Technical defenses are essential. MSPs should audit their clients’ Microsoft Teams settings and consider disabling or restricting external messaging. Enforce MFA across all systems, ensure endpoint protection is in place, and inventory assets regularly. Review incident response plans to ensure they’re not just theoretical, but tested and ready to deploy.
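One way to run the Teams settings audit described above, as an added example that is not from the original post: a PowerShell script using the MicrosoftTeams module that reports a tenant's external-access settings and, only when asked, restricts them. The `-Restrict` switch and `-PartnerDomains` parameter are hypothetical names chosen for this example, and `partner.example` is a placeholder domain.

```powershell
# Added example: audit (and optionally restrict) Teams external access for one tenant.
# Assumes the MicrosoftTeams module is installed and you sign in as a Teams administrator.
param(
    [switch]$Restrict,                 # hypothetical switch: apply changes instead of only reporting
    [string[]]$PartnerDomains = @()    # hypothetical parameter, e.g. 'partner.example' (placeholder)
)

Import-Module MicrosoftTeams
Connect-MicrosoftTeams | Out-Null

# Tenant-wide federation settings: these decide who outside the tenant can reach staff.
$fed = Get-CsTenantFederationConfiguration
$fed | Format-List AllowFederatedUsers, AllowedDomains, BlockedDomains,
                   AllowTeamsConsumer, AllowTeamsConsumerInbound

$findings = @()
if ($fed.AllowFederatedUsers) {
    $findings += 'External Teams organizations can chat with and call internal users (check AllowedDomains for an allow list).'
}
if ($fed.AllowTeamsConsumer) {
    $findings += 'Internal users can communicate with unmanaged (personal) Teams accounts.'
}
if ($fed.AllowTeamsConsumerInbound) {
    $findings += 'Unmanaged (personal) Teams accounts can start conversations with internal users.'
}

if ($findings.Count -eq 0) {
    Write-Output 'External access is already disabled at the tenant level.'
} else {
    $findings | ForEach-Object { Write-Warning $_ }
}

if ($Restrict) {
    # Block personal Teams accounts in both directions.
    Set-CsTenantFederationConfiguration -AllowTeamsConsumer $false -AllowTeamsConsumerInbound $false

    if ($PartnerDomains.Count -gt 0) {
        # Keep federation, but only with the named partner domains.
        $list = [System.Collections.Generic.List[string]]::new()
        $PartnerDomains | ForEach-Object { $list.Add($_) }
        Set-CsTenantFederationConfiguration -AllowFederatedUsers $true -AllowedDomainsAsAList $list
    } else {
        # No partners named: turn external access off entirely.
        Set-CsTenantFederationConfiguration -AllowFederatedUsers $false
    }
    Get-CsTenantFederationConfiguration |
        Format-List AllowFederatedUsers, AllowedDomains, AllowTeamsConsumer, AllowTeamsConsumerInbound
}
```

Run it without `-Restrict` first to record each client's current state, and confirm the partner list with the client before applying changes, since restricting federation cuts off any external organization not on the list.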
Lastly, evaluate vendor agreements and data-handling policies to understand where responsibilities lie. MSPs that take these steps now can protect their clients from falling victim to one of the most sophisticated phishing threats we’ve seen in recent months.
The bottom line? The Teams phishing attack is here, and it’s targeting the tools your clients rely on most. But with education, smart configuration, and vigilance, MSPs can turn this challenge into an opportunity to strengthen trust and resilience across their client base.