Beware! Fake Microsoft Teams messages can steal your data: Google shares how to stay safe

HIGHLIGHTS

Scammers send lots of emails, then contact you on Microsoft Teams pretending to help.

They trick you into logging in on a fake page and steal your details.

Stay safe by avoiding unknown links and using two-step verification.

Google has recently cautioned the users about a new online scam which is targeting people in a very clever way. The hackers usually flood their prey’s inbox with multiple spam emails, and by this they ensure that the users feel that something is wrong with their account. However, soon after you face this issue, a person will contact you on Microsoft Teams and will portray themselves as being from IT support. They’ll further tell you that they are aware of the issue and will offer to fix the problem. Once you agree, they’ll guide you to a link that will land you on a page which will ask you to log in and run a quick check. If you log in, then all your details will get stolen without you knowing. Here’s everything you should know about the scam and how you can be safe.

According to security researchers, a newly identified group called UNC6692 starts by flooding a person’s inbox with a large number of spam emails. This sudden wave makes it look like something is seriously wrong with the email account. Soon after, the attackers contact the victim through Microsoft Teams, posing as IT or support staff.

Also read: Apple introduces monthly plans with hidden 12-month commitment: What it offers

They claim that they are aware of the issue and offer to fix it. However, to do that, they’ll send you a phishing link on Microsoft Teams and ask the user to follow the on-screen instructions. The page looks real and tells the person to do a quick check. It also asks them to log in with their email and password.

The first time you’ll try to log in, it will always fail. This is usually done to give you the trust that the site is genuine. However, when you try to log in again, your details will be secretly saved. All of this happens in the background, so the person doesn’t realise they have shared their email and password with hackers. By the time they see a success message, the attackers may already be inside the account and even have control of the device.

Also read: Samsung faces legal trouble as rival claims ownership of foldable Z series tech

The scam doesn’t stop there. It can also install hidden tools that let attackers stay connected, gather more information, and take full control if they want.

How to stay safe

You can avoid falling prey to such scams if you stay alert. Here are some of the steps you can follow:

Never click on links sent by unknown or unverified accounts.
Don’t enter your password by clicking links in messages. Instead, type the official website address yourself and go there directly.
Turn on two-step verification for your accounts.
If you receive a suspicious message, report it directly to your company or service provider.

Bhaskar Sharma

Bhaskar is a senior copy editor at Digit India, where he simplifies complex tech topics across iOS, Android, macOS, Windows, and emerging consumer tech. His work has appeared in iGeeksBlog, GuidingTech, and other publications, and he previously served as an assistant editor at TechBloat and TechReloaded. A B.Tech graduate and full-time tech writer, he is known for clear, practical guides and explainers.