- Hackers create financial-themed kits to trick users without using phishing links
- Obfuscated computer names avoid automatic detection and appear normal to targets.
- Fraudulent phone calls attempt to extract login credentials and sensitive information
Attackers are now abusing legitimate Microsoft Teams features to reach users without using traditional phishing links, according to new research.
CheckPoint experts found that the campaign begins when hackers create new computers named after urgent billing or financial themes, often incorporating obfuscation techniques such as mixed Unicode characters or visually similar symbols.
These tactics allow malicious computer names to avoid automatic detection while still appearing normal to users.
How hijacking leads to email access
Once attackers set up the computer, they use the “Invite a Guest” feature to send official-looking Microsoft emails directly to targets, making the invitations appear credible and increasing the likelihood of user interaction.
Phishing messages instruct recipients to call a fraudulent support number to resolve suspected subscription or billing issues, and during these calls, attackers attempt to extract login credentials or sensitive information that can be used to access corporate email accounts.
Unlike conventional phishing, the campaign avoids malicious links or malware attachments and instead relies on social engineering to compromise accounts.
The combination of official Microsoft messages and urgent financial-related language creates a higher level of trust, making standard firewall protections less effective without user surveillance.
Users should treat any unexpected invitations to Teams with caution, especially if team names include payment amounts, invoices, phone numbers, or unusual formats.
Garbled characters, inconsistent spelling, or displays with large fonts designed to attract attention serve as strong warning signs.
Organizations that widely use these types of online collaboration tools should ensure that staff receive training to recognize these subtle red flags and report suspicious invitations immediately.
Malware removal procedures and layered email security can provide additional protection, but human attention is still critical to avoiding compromise.
However, even with firewalls and security controls in place, attackers continue to adapt tactics that exploit trusted collaboration platforms.
Surveillance, staff awareness, and prompt reporting are essential to prevent this type of social engineering from being successful.
Check Point says the attack has targeted organizations across multiple industries, including manufacturing, technology, education and professional services.
Teams users around the world should maintain heightened awareness to reduce the risk of exposing email accounts or other internal systems.
The analysis indicates that the affected organizations were concentrated in the United States and accounted for almost 68% of the incidents.
Europe followed with 15.8%, Asia with 6.4% and smaller shares appeared in Australia, New Zealand, Canada and LATAM countries.
Within Latin America, Brazil and Mexico experienced the most activity, together accounting for more than 75% of regional incidents.
While the attackers do not appear to deliberately target specific sectors, the campaign demonstrates the scale at which trusted collaboration platforms can be exploited.
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds. Be sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp also.
