Teams will give you a heads-up about phishing attacks, but will it make a difference?

The new security layer will be implemented starting February


Microsoft will roll out phishing protection for Teams

Last year, Microsoft Teams was used for phishing attacks with DarkGate malware. Microsoft responded in October with a plan to include advanced phishing protection for Teams.

In the Microsoft 365 Roadmap document, the software giant promised that Teams will identify if an external user is impersonating a brand commonly targeted by phishing attacks during their initial contact with an enterprise user via Teams messages.

Initially, Microsoft planned to roll out this update in January, but as reported by Bleeping Computer, the software giant updated the timeline to mid-February and specified that the changes would be enabled by default. That means IT admins don’t need to configure anything on their clients.

Microsoft detailed the nature of the update in a message addressed to administrators:

If your organization enables Teams external access, we will check for potential impersonation activity when your user receives a message from an external sender for the first time. Your users will see a high-risk warning in the Accept/Block flow if we think there is a potential impersonation risk, and users must preview the message before they can choose to accept or block. If users choose to accept, we will prompt them again with potential risk before proceeding with Accept.

So, as with any phishing attack, the consequences depend on the user’s reaction. Microsoft Teams will issue the alert, but if the organization has Teams external access enabled and the user decides to accept the possible attacker, they will receive another warning. If that is ignored as well, there is not much more that can be done from that point.

Until the update rolls out, Microsoft recommends that admins disable external access in Teams. You can do that by accessing the Admin Center > External Access menu.
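The same change can be scripted. The following is an added example, not taken from the article or from Microsoft's message: it assumes the MicrosoftTeams PowerShell module is installed and the account has Teams administrator rights, and the backup file name is a placeholder. It saves the current tenant-wide external access settings, turns external access off, and confirms the result.

```powershell
# Added example: disable Teams external access tenant-wide and keep a record
# of the previous settings so they can be restored after the update rolls out.
Import-Module MicrosoftTeams
Connect-MicrosoftTeams | Out-Null

# Settings that control who outside the tenant can start a chat with users.
$fields = 'AllowFederatedUsers', 'AllowTeamsConsumer', 'AllowTeamsConsumerInbound'

# Snapshot the current state (placeholder file name, written to the current directory).
$before = Get-CsTenantFederationConfiguration
$backupPath = Join-Path $PWD 'teams-external-access-before.json'
$before | Select-Object $fields | ConvertTo-Json | Set-Content -Path $backupPath -Encoding UTF8
Write-Host "Previous settings saved to $backupPath"

# Turn off chats from other Teams organizations and from unmanaged
# (consumer) Teams accounts.
Set-CsTenantFederationConfiguration `
    -AllowFederatedUsers $false `
    -AllowTeamsConsumer $false `
    -AllowTeamsConsumerInbound $false

# Re-read the configuration and fail loudly if anything is still enabled.
$after = Get-CsTenantFederationConfiguration
$stillOpen = $fields | Where-Object { $after.$_ }
if ($stillOpen) {
    throw "External access still enabled for: $($stillOpen -join ', ')"
}
Write-Host 'External access is disabled for the tenant.'

# Per-user policies do not override the tenant-wide switch, but listing the
# ones that allow federation shows what becomes active again once it is restored.
Get-CsExternalAccessPolicy |
    Where-Object { $_.EnableFederationAccess } |
    Select-Object Identity, EnableFederationAccess
```

The change can take some time to propagate to clients, so existing external chats may remain reachable for a while after the script reports success.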

This is a welcome change for Microsoft Teams, but the decision will still be in the hands of the users. Teams phishing attacks are successful only if the user decides to follow through on the attacker’s intent. As with any such incident, you have to proceed with caution when you are faced with external messages or emails you know nothing about. But at least now, you are also getting a warning about the possible threat.
