- Hackers Create Finance-Themed Teams to Deceive Users Without Using Phishing Links
- Masked team names bypass automated detection while appearing normal to targets
- Scam phone calls attempt to extract login credentials and sensitive information
Attackers are now abusing legitimate Microsoft Teams features to reach users without using traditional phishing links, according to a new study.
Check Point experts found that the campaign begins when hackers create new teams with finance-themed or urgent billing names, often incorporating obfuscation techniques such as mixed Unicode characters or visually similar symbols.
These tactics allow malicious team names to bypass automated detection while still appearing normal to users.
How Hijacking Leads to Email Access
Once attackers have assembled the team, they use the “Invite a Guest” feature to send official-looking Microsoft emails directly to targets, making the invitations credible and increasing the likelihood of user interaction.
Phishing messages ask recipients to call a fraudulent support number to resolve supposed subscription or billing issues. During these calls, attackers attempt to extract login credentials or sensitive information that can be used to access corporate email accounts.
Unlike traditional phishing, the campaign avoids malicious links or malware attachments and instead relies on social engineering to compromise accounts.
The combination of official Microsoft messaging and urgent finance-related language creates a higher level of trust, making standard firewall protections less effective without user vigilance.
Users should treat any unexpected Teams invitations with caution, especially if team names include payment amounts, invoices, phone numbers, or an unusual format.
Obscured characters, inconsistent spelling, or oversized lettering designed to attract attention are strong warning signs.
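The warning signs above can also be checked automatically when reviewing team names that appear in guest invitations. The following Python sketch is an added example, not code from Check Point or from the original article; the keyword list, regular expressions, look-alike table and sample names are all illustrative assumptions.

```python
import re
import unicodedata

# Illustrative values, not taken from the Check Point report: tune for your tenant.
FINANCE_TERMS = ("invoice", "payment", "billing", "subscription", "refund")
PHONE_RE = re.compile(r"(?:\+?\d[\s().-]*){9,}")        # 9+ digits with separators
AMOUNT_RE = re.compile(r"[$€£]\s?\d|\b\d+[.,]\d{2}\b")  # currency sign or 12.34
# Tiny subset of Cyrillic look-alikes; Unicode UTS #39 confusables.txt is the full table.
CONFUSABLES = str.maketrans("\u0430\u0435\u043e\u0440\u0441\u0445\u0456", "aeopcxi")
LOOKALIKE_SCRIPTS = {"CYRILLIC", "GREEK"}

def letter_scripts(text):
    """Approximate each letter's script by the first word of its Unicode name."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in text if ch.isalpha()}

def flag_team_name(name):
    """Return the list of warning signs found in a Teams team name."""
    reasons = []
    # Styled letters (fullwidth, mathematical bold, ...) fold to plain ones under NFKC.
    folded = unicodedata.normalize("NFKC", name)
    if folded != name:
        reasons.append("compatibility_chars")
    # Latin mixed with a look-alike script is the classic homoglyph pattern.
    scripts = letter_scripts(folded)
    if "LATIN" in scripts and scripts & LOOKALIKE_SCRIPTS:
        reasons.append("mixed_scripts")
    # Match keywords on the de-obfuscated form so masked spellings still hit.
    skeleton = folded.casefold().translate(CONFUSABLES)
    if any(term in skeleton for term in FINANCE_TERMS):
        reasons.append("finance_term")
    if AMOUNT_RE.search(skeleton):
        reasons.append("amount")
    if PHONE_RE.search(skeleton):
        reasons.append("phone_number")
    return reasons

# Constructed sample names (not from the report).
SAMPLES = [
    "Q3 Platform Roadmap",
    "Inv\u043eice Payment $629.98 Call +1 (555) 010-0199",  # Cyrillic 'o'
    "\U0001d401\U0001d422\U0001d425\U0001d425\U0001d422\U0001d427\U0001d420 Alert",  # bold "Billing"
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(repr(sample), flag_team_name(sample))
```

The flags are triage signals for an analyst or a mail-flow rule, not a verdict: legitimate multilingual team names can still need a manual look.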
Organizations that widely use such online collaboration tools should ensure that their staff receive training to recognize these subtle red flags and report suspicious invitations immediately.
Malware removal procedures and multi-layered email security can provide additional protection, but human attention remains essential to avoid compromise.
However, even with firewalls and security controls in place, attackers continue to adapt their tactics to exploit trusted collaboration platforms.
Vigilance, staff awareness and timely reporting are essential to prevent this type of social engineering from succeeding.
Check Point says the attack targeted organizations across multiple industries, including manufacturing, technology, education and professional services.
Teams users around the world should remain vigilant to reduce the risk of exposing email accounts or other internal systems.
The analysis indicates that affected organizations were concentrated in the United States, accounting for nearly 68% of incidents.
Europe followed with 15.8% and Asia with 6.4%, with smaller shares in Australia, New Zealand, Canada and Latin American countries.
In Latin America, Brazil and Mexico saw the highest activity, together accounting for more than 75% of regional incidents.
Although the attackers do not appear to be deliberately targeting specific industries, the campaign demonstrates how trusted collaboration platforms can be exploited.