Tech Tips

February 14, 2024

Teams is Not Safe from Phishing Attacks

Phishing attacks can reach your users through Microsoft Teams...unless you change your permissions for external user accounts.

We knew it would come...and now it's here. Phishing has broken into Microsoft Teams.

AT&T Cybersecurity recently discovered phishing attacks sent through the Microsoft Teams platform. They took the form of external accounts messaging users, sending over malware-infected links.

How do you stop phishing like this? By changing who can message your Teams users.

When it comes to external accounts – people outside your organization – the default Teams setting is, "Allow all external domains."

What you want to do is change this setting to, "Allow only specific external domains."

This creates an "Allow List" within Teams. Add to that list all previously-authorized domains before making the change. These would include vendors, customers, partners, and so on. Everyone else – like phishers – gets blocked.

And as always, the Golden Rule of Phishing applies: Never click on a link you didn't expect. That goes for Teams, email, or anywhere else.


To check your Teams accounts & assess vulnerabilities, contact PlanetMagpie's Support Team.