Protect yourself from phishing in Microsoft Teams 

Lyle Docherty
Tuesday 4 February 2025

Phishing isn’t just limited to email anymore—attackers are constantly evolving their tactics. One of the latest trends involves sending malicious messages through platforms like Microsoft Teams. As Teams becomes an integral part of how we communicate and collaborate, it’s crucial to stay vigilant against these potential threats.

Here’s what you need to know about identifying phishing attempts in Teams and what to do if you are targeted.

Why are scammers using Microsoft Teams?

Attackers know that many of us trust platforms like Microsoft Teams for internal communication. By impersonating colleagues or using convincing messages, they aim to trick you into clicking harmful links, downloading malicious files, or sharing sensitive information. It’s important to approach unexpected or unusual messages with the same caution you’d apply to suspicious emails.

Four signs to watch for

1. Messages from Unknown or Unusual Contacts

Are you receiving a message from someone outside your usual circle of colleagues or Teams? Does the sender claim to be someone senior but use an informal tone or make unusual requests?

2. Unexpected Links or Attachments

Be cautious with any links. Hover over them to see if the URL matches the expected destination. If it looks strange or mismatched, don’t click. Be wary of attachments you didn’t request, especially files with odd names.

3. Urgent or Pressure Tactics

Messages that create urgency such as “Act immediately to avoid consequences!” this is a classic phishing strategy. Attackers want you to act quickly without thinking things through. 

4. Strange Language or Formatting

Does the message contain spelling errors, odd phrasing, or unfamiliar formatting? These could be signs of a scam.

What to do if you receive a phishing message

  • Pause before taking action. Avoid clicking links, opening attachments, or responding to the message.
  • Verify the sender. Use another method, such as email or phone, to confirm the sender’s identity and the validity of the message.
  • Report the message. Notify the IT Security Team via by taking a screenshot and reporting it to [email protected]
  • Block and delete. Once reported, remove the message to prevent further interaction.

Phishing attacks can compromise both personal and organisational security. It is important to remain vigilant and report anything you see that you are suspicious of. Microsoft Teams is an essential tool for our day-to-day work and collaboration, and it is vital that we ensure it remains a safe and secure platform for our users.

Subscribe to the IT Services blog

Enter your email address to subscribe to this blog to receive notifications of new posts.