
Fake IT Support Scams Spread On Microsoft Teams
New reports show how hackers are targeting Microsoft Teams, a platform used as a daily communication tool for millions of employees.
In a rush? Here are the quick facts:
- Fake IT support accounts trick users into installing remote access tools.
- Malware steals passwords, ensures persistence, and can crash systems.
- Attacks are linked to groups like EncryptHub and Water Gamayun.
Instead of relying only on email scams, cybercriminals have turned to Teams, as it provides them with the ideal environment to trick people into giving them access.
“In recent months, we have observed a growing number of campaigns abusing Microsoft Teams to deliver malicious payloads,” said researchers at Permiso. The attacks usually begin with a direct message or call from what looks like an IT support person. These fake accounts often carry names such as ‘IT SUPPORT’ or ‘Help Desk’ to look convincing, and the researchers say some mimic the appearance of authorized, official accounts so that they seem authentic.
“Since its release in early 2017, Microsoft Teams has been widely adopted,” and because people trust the platform, they’re less suspicious. That trust is exactly what hackers are taking advantage of.
The scam is fairly simple. After getting in touch with the victim, the attackers pretend to provide assistance with technical difficulties. The attacker then demands that the victim download remote access software such as QuickAssist or AnyDesk. Once the victim grants permission, the attackers obtain complete control of the computer. Finally, malware is installed.
The researchers point out how this malicious software can do serious damage. Specifically, the malware enables password theft, grants hidden access to the computer, and even crashes the entire system if defenders try to stop it. After gaining entry, the hackers can also deploy ransomware or other tools to lock systems and demand payment.
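Defenders can turn that sequence into a correlation rule: an external Teams contact whose display name resembles a help desk, followed shortly by a remote access tool starting for the same user. The sketch below is an added example, not code from Permiso or from this article; the event schema, field names and 30-minute window are assumptions, and the sample events are constructed.

```python
import re
import unicodedata
from datetime import datetime, timedelta

# Name fragments and tool binaries follow the article's description.
SUPPORT_NAMES = ("itsupport", "helpdesk")
REMOTE_TOOLS = ("quickassist.exe", "anydesk.exe")

def looks_like_support(display_name):
    """Fold case, width and punctuation so 'I.T. Support' matches 'IT SUPPORT'."""
    folded = unicodedata.normalize("NFKC", display_name).casefold()
    squeezed = re.sub(r"[^a-z0-9]", "", folded)
    return any(name in squeezed for name in SUPPORT_NAMES)

def find_suspect_sessions(events, window=timedelta(minutes=30)):
    """Return (user, sender, tool) for each remote access tool start that
    follows an external 'support' contact to the same user within `window`."""
    last_contact = {}  # user -> (time, sender display name)
    hits = []
    for ev in sorted(events, key=lambda e: e["time"]):
        if ev["type"] == "teams_message":
            if ev["external"] and looks_like_support(ev["sender"]):
                last_contact[ev["user"]] = (ev["time"], ev["sender"])
        elif ev["type"] == "process_start":
            tool = ev["image"].replace("\\", "/").rsplit("/", 1)[-1].lower()
            contact = last_contact.get(ev["user"])
            if tool in REMOTE_TOOLS and contact and ev["time"] - contact[0] <= window:
                hits.append((ev["user"], contact[1], tool))
    return hits

def _msg(ts, user, sender, external):
    return {"time": datetime.fromisoformat(ts), "type": "teams_message",
            "user": user, "sender": sender, "external": external}

def _proc(ts, user, image):
    return {"time": datetime.fromisoformat(ts), "type": "process_start",
            "user": user, "image": image}

# Constructed events in a hypothetical schema (not a real Teams or EDR export).
SAMPLE_EVENTS = [
    _msg("2025-01-06T09:02:00", "alice", "IT SUPPORT", True),
    _proc("2025-01-06T09:10:00", "alice", r"C:\Windows\System32\quickassist.exe"),
    _msg("2025-01-06T09:05:00", "bob", "Help Desk", False),      # internal sender
    _proc("2025-01-06T09:15:00", "bob", r"C:\Tools\AnyDesk.exe"),
    _msg("2025-01-06T10:00:00", "carol", "Ｈelp Desk", True),     # full-width H
    _proc("2025-01-06T11:30:00", "carol", "AnyDesk.exe"),         # outside window
    _msg("2025-01-06T10:00:00", "dave", "I.T. Support ✔", True),
    _proc("2025-01-06T10:05:00", "dave", r"C:\Program Files\AnyDesk\AnyDesk.exe"),
]
```

On the sample data only alice and dave are flagged: bob's contact is internal, and carol's tool start falls outside the window.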
The group behind these campaigns has been linked to dangerous malware families such as DarkGate and Matanbuchus. Security experts track them under names like EncryptHub, LARVA-208, or Water Gamayun. Their main targets are English-speaking IT staff, software developers, and people working in the Web3 space.
Experts say these scams are so effective because of the “appearance of authority” and the “familiarity of the platform.” Put simply, users tend to trust messages within Teams because of their familiarity with the platform, which hackers use to their advantage.