Cybercriminals are always looking for new ways to sneak into your organization’s systems, and one of their latest tricks involves Microsoft Teams. This collaboration tool is widely used for messaging, calls, and video meetings—but scammers are exploiting its settings to impersonate internal IT staff.
Here’s how the scam works: You receive an unexpected Teams call from a user labeled something like “IT SUPPORT” or “Help Desk.” To appear convincing, the profile may even include a checkmark emoji or other details that look official. The caller urgently warns you of a supposed problem with your computer and insists it needs to be fixed right away.
But here’s the catch—this isn’t your company’s IT department. It’s a scammer taking advantage of Teams’ default configuration, which can allow external users to reach you. If you answer and follow their instructions, the fraudster will likely ask you to install remote-access software. Once installed, they can take control of your device, harvest your login credentials, spread malware, or even move deeper into your company’s network.
How to Protect Yourself
Stay alert and use these best practices to avoid falling into the trap:
Question unexpected calls. If someone claiming to be IT support contacts you out of the blue, don’t trust it right away. Confirm by reaching out to your actual IT department.
Think before downloading. Never install software or click links from unsolicited chats or calls. Always verify first.
Guard your access. Never hand over screen-sharing or remote-control permissions unless you’re 100% certain of the requester’s identity. Scammers thrive on creating urgency—don’t let them pressure you into a quick mistake.