Microsoft Teams is finally introducing a spam and phishing alert - here’s what you need to know

(Image credit: Shutterstock / monticello)

Microsoft Teams is finally introducing a phishing alert function
The feature will be generally available in mid-February 2025
Hackers have been abusing external comms to hit organizations with malware and ransowmare

Microsoft Teams has long been a favorite target for hackers looking to infiltrate organizations by impersonating brands or network administrators, but that is all finally about to change.

Numerous threat actors have abused external access, with one Russian group ‘bombing’ a user's email inbox with thousands of emails before pretending to be an IT support worker calling to help fix the spam, before gaining remote access and deploying malware.

A phishing warning for external messages has therefore been a long time coming, with the feature set to be introduced by Microsoft in mid-February 2025.

Phishing detector

The phishing threat alert was first rumoured in October 2024 in the Microsoft 365 roadmap, with a subsequent advisory added to the Microsoft 365 service update page stating the system would be generally available around mid-February 2025.

“This rollout will happen automatically by the specified date with no admin action required before the rollout. You may want to update any relevant documentation. We recommend that you educate your users on what the new high-risk Accept/Block screen means and remind users to proceed with caution.”

Phishing checks will happen every time a user receives a message from an external source for the first time, Microsoft added, further explaining that an ‘Accept or block’ prompt will appear over suspicious chats, with the user being reminded to recognize that the message could be phishy if they choose to click accept.

External access can be disabled in the Microsoft Teams Admin Center, preventing risky external communications entirely, but those who regularly need to use external messaging will have to remain extra vigilant until mid-February. Microsoft recommends that organizations train their employees to spot and report suspicious phishing emails and messages.

Via BleepingComputer

Keep your organization secure with the best business VPN
These are the best firewalls around today
Ransomware crew pose as Microsoft Teams IT support to steal logins and passwords

TOPICS

Benedict has been writing about security issues for over 7 years, first focusing on geopolitics and international relations while at the University of Buckingham. During this time he studied BA Politics with Journalism, for which he received a second-class honours (upper division), then continuing his studies at a postgraduate level, achieving a distinction in MA Security, Intelligence and Diplomacy. Upon joining TechRadar Pro as a Staff Writer, Benedict transitioned his focus towards cybersecurity, exploring state-sponsored threat actors, malware, social engineering, and national security. Benedict is also an expert on B2B security products, including firewalls, antivirus, endpoint security, and password management.