Hackers Exploit Microsoft Teams’ Collaboration Features to Impersonate IT Helpdesk Staff

This report details a surge of Teams-based vishing campaigns where attackers impersonate internal IT via external/cross-tenant Teams calls and messages to obtain remote access or credentials; investigators are urged to use Microsoft 365 Unified Audit Log artifacts (notably CallParticipantDetail) alongside endpoint telemetry for timeline reconstruction, and the report includes recommended mitigations such as restricting federation, blocking legacy remote assistance tools, and enforcing out-of-band verification.