Hackers are phishing employees through Microsoft Teams, not email

Phishing is moving out of the email inbox and into the chat window. Researchers at Palo Alto Networks Unit 42 warn that attackers are increasingly opening Microsoft Teams conversations with employees while posing as the company's own IT department, then walking them into handing over access to their accounts.

The playbook is simple and effective. An employee gets a Teams message, marked as external, that reads something like, "Hi, this is the IT Department, we see an issue with your account." The fake technician explains that a suspicious login was detected and asks the worker to approve a multi-factor authentication (MFA) prompt to confirm their identity. The chat is kept friendly for a few minutes to build trust, but approving that prompt is what hands the attacker the keys.

Why attackers are switching channels

Years of training have taught people to be wary of suspicious emails, and email gateways have grown better at filtering them. Chat tools have not had the same scrutiny, so users tend to trust them more. According to Unit 42, phishing alerts originating from collaboration tools jumped to 42% of all the phishing alerts it tracked in the first four months of 2026, up from 30% in the preceding four months. Operating inside Teams also helps attackers blend in with legitimate business activity.

This is not only a cybercrime problem. Unit 42 notes that APT29, the Russian state-linked group it tracks as Cloaked Ursa (also known as Cozy Bear and Midnight Blizzard), has already operationalized the technique, using compromised accounts to send Teams messages with links to fake Microsoft login pages. In December 2025, a separate group impersonated IT helpdesk staff over Teams by convincing employees to accept a chat invitation from an outside organization.

How they get in

Many organizations leave Teams federation open by default, which lets anyone on any external Microsoft 365 tenant start a chat with their staff. Attackers exploit this by spinning up tenants and domains with names that mimic IT support, security teams, or trusted vendors, sometimes using lookalike typosquatted domains. In the worst case they skip the disguise entirely by compromising a real supplier or partner account and messaging from a domain the target already trusts.

What you should do

Unit 42 stresses that the fix is mostly about configuration, not a product flaw. Where business needs allow, restrict Teams federation to an approved list of external domains and disable contact from unmanaged or personal accounts. Extend phishing awareness training to cover chat tools, teaching staff that Teams messages can come from outside the company and that no legitimate IT team will ask them to approve an unexpected MFA prompt. Back this with identity controls such as Conditional Access and just-in-time privileged access, and treat unsolicited external chats, especially from newly seen domains, as events worth investigating. The same identity-first mindset applies to the emerging blind spot of AI agent identities acting on a user's behalf in Microsoft Entra.
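The federation lock-down described above, written out as an added example in Teams PowerShell (this is not code from the Unit 42 report or from IntelFusions). It assumes the MicrosoftTeams module, a Teams administrator account, and the two partner domains are placeholders you replace with your own approved list:

```powershell
# Assumes the MicrosoftTeams PowerShell module is installed and the
# signed-in account holds a Teams administrator role.
Connect-MicrosoftTeams

# Placeholder partner domains: replace with the organisation's approved list.
$approvedDomains = @("partner-example.com", "vendor-example.com")

# Turn the plain domain strings into the domain-pattern objects the
# federation configuration expects, then wrap them in an allow list.
$patterns  = $approvedDomains | ForEach-Object { New-CsEdgeDomainPattern -Domain $_ }
$allowList = New-CsEdgeAllowList -AllowedDomain $patterns

# Keep federation on, but only for the allow-listed domains, and block
# chats from personal (consumer) Teams and Skype accounts in both directions.
Set-CsTenantFederationConfiguration `
    -AllowFederatedUsers $true `
    -AllowedDomains $allowList `
    -AllowTeamsConsumer $false `
    -AllowTeamsConsumerInbound $false `
    -AllowPublicUsers $false

# Read the settings back so the change can be checked and recorded.
Get-CsTenantFederationConfiguration |
    Select-Object AllowFederatedUsers, AllowedDomains,
                  AllowTeamsConsumer, AllowTeamsConsumerInbound, AllowPublicUsers
```

With a non-empty allow list, any tenant not on it can no longer open a chat with your users, so a lookalike "IT support" tenant is stopped at the federation boundary rather than at the employee.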

This briefing is provided by IntelFusions for informational and defensive purposes only. It is based on sources assessed to be reliable at the time of writing, and analytic judgments carry the confidence levels indicated. Indicators of compromise are defanged; re-arm them only in controlled environments. IntelFusions is not affiliated with the organizations named and makes no warranty as to completeness or accuracy.

Read the full analysis on IntelFusions