Warning: Microsoft Teams-Based Malware and Phishing Attacks

July 10, 2023

Cybersecurity experts warn that an exploit discovered in Microsoft Teams allows external users to send files and join Teams Chat conversations, creating the possibility for phishing style cyberattacks. BaylorITS encourages everyone in the Baylor community to be #BearAware by applying the same scrutiny to Teams messages as to "phishy" email or text messages.

Remember, phishing occurs when nefarious actors use email, social media, or other messaging platforms (like Microsoft Teams) to lure you into clicking on a link, downloading a malicious file, or providing personal information directly.

The National Cybersecurity Alliance suggests pausing before clicking links in messages, downloading attachments, or providing personal data. A message may appear legitimate or sent from a trustworthy source, but check for these common signs of "phishy" messages:

Does it contain an offer that’s too good to be true?
Does it include language that’s urgent, alarming, or threatening?
Is it poorly crafted writing riddled with misspellings and bad grammar?
Is the greeting ambiguous or very generic?
Does it include requests to send personal information?
Does it stress urgency to click on unfamiliar hyperlinks or open an attached file?
Is it a strange or abrupt business request?
Does the sender’s e-mail address match the company it’s coming from? Look for little misspellings like pavpal.com or anazon.com.

If you suspect a message you receive is an attempted phishing attack, report it to abuse@baylor.edu and the cybersecurity team at BaylorITS will investigate. Being #BearAware about phishing protects your personal information and the university's vital information resources.

Visit its.web.baylor.edu/bearaware for more cybersecurity tips. If you have any questions, contact HelpDesk+ at (254) 710-4357, helpdesk@baylor.edu, or visit us on the garden level of Moody Memorial Library.

Additional Resources

"Microsoft Teams Attack Skips the Phish to Deliver Malware Directly," Dark Reading, June 23, 2023.
"New tool exploits Microsoft Teams bug to send malware to users," Bleeping Computer, July 5, 2023
"TeamsPhisher Tool Exploits Microsoft Teams to Deploy Malware," Cyware Social, July 6, 2023.