How to spot and avoid this new Microsoft Teams scam

How to protect yourself from scammers in Microsoft Teams

Reliaquest says it’s already seeing hackers adapting their tactics to use Microsoft’s QuickAssist instead of AnyDesk, so vigilance is key.

It recommends paying attention to the first emails as they “typically come from automated systems or services that send confirmations or notifications (e.g. noreply@domain(.)com, subscription@domain(.)com, support@ domain(.)com, help@domain(.)com, marketing@domain(.)com).”

Aggressive anti-spam policies within email security tools can prevent these spam emails from reaching your inbox, the report says.

But if an email does get through and organizations have disabled communications from external users within Teams, their employees remain safe. Reliaquest adds that if communication with external users is necessary, “specific trusted domains can be listed.”

It also suggests enabling logging for Teams and looking for fraudulent accounts. It writes that accounts pretending to be IT help desks are typically set to “Help Desk.” “This string is often surrounded by whitespace characters, which is likely to center the name in chats,” it explains. “When searching for these accounts, organizations should look for ‘contains’ rather than a direct match.”