If you use Microsoft Teams, you need to stay vigilant because an ongoing phishing attack is trageting users by abusing Teams’ official notification system. As reported by security research firm SpiderLabs, the attackers send deceptive messages that appear genuine. Apparently, that’s done by bypassing usual email filters, which can even fool careful users sometimes.

How attackers trick victims

The scam begins with invites to malicious Teams groups that use convincing names. You may receive fake notifications for PayPal payments, auto-renewal charges, or invoice disputes. Once a user is added to the suspicious group, the platform automatically generates a notification email from [email protected]. That’s a sender domain trusted by both users and security systems.

PhishingAlert: Threat actors are abusing #Microsoft Teams notifications to deliver callback #phishing. Victims are invited to groups where team names contain the #scam content, such as fake invoices, auto-renewal notices, or #PayPal payment claims, and urges users to call a fake… pic.twitter.com/jr2VTYDCEw — SpiderLabs (@SpiderLabs) December 4, 2025

These emails contain urgent instructions, which make the victim call a support number if they did not authorize the transaction. The psychological pressure kicks in, after all, we are humans.

Victims feel they must act fast and make calls to reported phone numbers, including 1-983-220-2463, 1-810-221-5391, and 1-805-331-8539. When users call, scammers pose as support staff and attempt to extract sensitive details, including login credentials, payment info, or even remote access to devices.

The campaign is especially effective because it bypasses regular phishing detection, which usually flags suspicious links or attachments rather than phone-based social engineering. Security researchers recommend using multi-layered defenses to curb this phishing attack.

How to stay safe

If you’re the owner of a business, you must monitor Teams logs for newly created unusual groups or naming patterns, and email filters should flag Teams notifications with extra scrutiny. Meanwhile, individual users must always double-check unexpected charges through official channels rather than calling numbers in unsolicited messages. Moreover, administrators can also implement governance rules to restrict group naming and track unusual activity.

