There’s finally a fix to this serious Microsoft Teams problem

2 minutes, 9 seconds Read

The team behind Microsoft Teams has moved to address one of the most pressing security issues affecting the service in a new update.

Users of the video conferencing platform will soon be able to report suspicious Microsoft Teams messages as a security threat using Office 365’s built-in safety protections.

The service will be available to Office 365 users via its Microsoft Defender service, and will work much the same way as the current process for reporting suspect emails.

Microsoft Teams phishing

In its entry on the official Microsoft 365 roadmap, the company notes that the new tool will help an organization “protect itself from attacks via Microsoft Teams”.

Given the similarities to existing systems, this should be as simple as clicking on a Defender pop-up message alerting to possible threats, which should block the malicious message immediately.

The feature is still listed as in development for now, with a scheduled general availability launch set for January 2023. When released, the company says it will be available to all web and desktop users across the world using Teams and Microsoft Defender for Office 365.

The news is the latest in a series of upgrades to Microsoft Teams in order to help protect users from possible security threats.

Back in July 2021, the platform gained the ability to automatically block phishing attempts thanks to an expansion of Defender for Office 365 Safe Links. This tool automatically scans URLs sent in Microsoft Teams to determine if they direct to a malicious destination.

Microsoft said at the time that every month its detection systems discover close to two million distinct URL-based payloads used by cybercriminals to conduct credential phishing campaigns.

Microsoft Teams has long been an attractive target for hackers, offering a straightforward route into a business via its employees. A report in February 2022 found attackers are using Teams chats and channels to spread malicious executable (.exe) files throughout organizations, which once activated can deliver malicious files to any member of the organization, either via one-on-one chats or group channels.

Another recent Microsoft 365 phishing campaign looked to impersonate several departments of the United States government, including the Department of Labor and the Department of Transport.

The emails, targeted at government contractors, claim to request bids for government projects but lead victims to credential phishing pages instead. 

Similar Posts