Watch Out for This Microsoft Teams Phishing Scheme
Beware of scammers posing as “IT.”
Microsoft Teams is an essential component of modern work. If your business uses Microsoft 365 apps, you likely use Teams to communicate, too. While Microsoft Teams is perfectly safe to use for business communications, you must always remain vigilant. This phishing scheme is the latest example of why.
Black Basta, a cybercrime organization, has taken advantage of the trust users give Microsoft Teams in a new phishing and ransomware scheme. Black Basta members would target users by spamming their email addresses with junk mail: The victim would essentially be unable to use their email, as their inbox would constantly be full of these junk messages.
These Black Basta members then contact the victim by phone, impersonating a member of IT from the victim’s company. The scammer either convinces the user to install AnyDesk, a program that lets another user control that person’s machine remotely, on their computer, or gets the user to open the Windows Quick Assist tool. Either way, the scammer can now deploy malware payloads onto the victim’s PC, launching the ransomware attack.
This has been done before, but what’s new about this scheme is that Black Basta members are now targeting users through Microsoft Teams: The scammer will look legitimate, since they’ll appear to be a member of the company’s IT department. After all, the message is coming through Teams, so the victim will likely assume the user is who they say they are. Reports indicate that upon further analysis, it’s quite obvious the user is fraudulent: Scammers would add “*.onmicrosoft.com” to their tenants (e.g., “securityadminhelper.onmicrosoft.com”) and change their screen name to “Help Desk,” moved to the center of the chat window by using whitespace characters.
Still, this is an effective technique: You’re busy at work, and likely wouldn’t think twice about a message coming from IT on Teams (especially if you’re stressed out about an inbox filling up with spam). Scammers are counting on overwhelming you, so you don’t see the red flags, and let them into your machine, only to lock you out of it.
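One way a defender could check Teams chat senders for the red flags described above: an external “*.onmicrosoft.com” tenant and a “Help Desk” screen name padded with whitespace. This is an added example, not code from the reports this article cites; the record fields, the internal domain list and the sample events are constructed assumptions.

```python
import unicodedata

# Assumption: the organization's own verified mail domains (placeholder value).
INTERNAL_DOMAINS = {"example.com"}
# Screen names an IT impersonator may use; the article reports "Help Desk".
LURE_NAMES = {"help desk"}

def is_blank(ch):
    """True for visible whitespace and for invisible format characters (e.g. U+200B)."""
    return ch.isspace() or unicodedata.category(ch) == "Cf"

def normalize_name(display_name):
    """Replace every blank character with a space, collapse runs, lowercase."""
    cleaned = "".join(" " if is_blank(ch) else ch for ch in display_name)
    return " ".join(cleaned.split()).lower()

def assess_sender(sender_address, display_name):
    """Return the list of indicators a chat sender matches."""
    domain = sender_address.rsplit("@", 1)[-1].lower()
    external = domain not in INTERNAL_DOMAINS
    visible = normalize_name(display_name)
    findings = []
    if external:
        findings.append("external-tenant")
        if domain.endswith(".onmicrosoft.com"):
            findings.append("onmicrosoft-domain")
    # More blank characters than the single spaces between words means padding.
    if sum(1 for ch in display_name if is_blank(ch)) > visible.count(" "):
        findings.append("whitespace-padded-name")
    if external and visible in LURE_NAMES:
        findings.append("it-impersonation-name")
    return findings

def flag_events(events):
    """Return senders that are external and also use a padded or IT-style name."""
    flagged = []
    for ev in events:
        found = assess_sender(ev["sender"], ev["name"])
        if "external-tenant" in found and len(found) > 1:
            flagged.append(ev["sender"])
    return flagged

# Constructed sample records; field names are hypothetical, not a Teams log schema.
SAMPLE_EVENTS = [
    {"sender": "user@securityadminhelper.onmicrosoft.com", "name": "     Help Desk     "},
    {"sender": "alice@example.com", "name": "Alice Smith"},
    {"sender": "bob@partner.example", "name": "Bob Jones"},
]

if __name__ == "__main__":
    print(flag_events(SAMPLE_EVENTS))
```
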