Microsoft Teams Calls being spoofed ???

Don't Get Fooled by Fake Teams Calls

That Microsoft Teams call popping up on your screen might not be who it claims to be.

A growing attack method targets small businesses directly through Teams, no email phishing required. Attackers impersonate IT support, vendors, or even Microsoft itself to gain remote access to your systems. If you're managing your own IT, you need to know how this works and how to shut it down.

How the Attack Works

The attacker creates a Microsoft 365 tenant with a display name like "Microsoft Technical Support" or "IT Help Desk." They then initiate a Teams call or chat to your organization. Because Teams allows external communication by default, the call appears legitimate.

Once connected, they'll claim there's a security issue, an expiring license, or some urgent problem requiring immediate action. The goal is always the same: get you to grant remote access through Quick Assist, AnyDesk, or screen sharing—or trick you into revealing credentials.

Some attackers flood your inbox with spam first, then call pretending to help you fix the "problem" they created.

Why Small Businesses Are Prime Targets

Larger organizations have IT teams who recognize these tactics immediately. When you're handling IT yourself, you might not have encountered this before. Attackers know this and specifically target smaller operations where a business owner or office manager might take the call thinking it's legitimate support.

Your Defense Checklist

Lock down external access in Teams Admin Center:

Sign in at admin.teams.microsoft.com
Navigate to Users → External access
Change "People in my organization can communicate with Skype and Teams users outside my organization" to Off or limit it to specific trusted domains only
Under Guest access, review and restrict permissions

Block external calls specifically:

In Teams Admin Center, go to Voice → Calling policies
Disable "Make private calls" for users who don't need external calling capability

Disable Quick Assist on workstations:

Open Settings → Apps → Installed apps
Find Quick Assist and uninstall it
If you need remote support, use a tool you control with a documented process

Establish a verification protocol:

Microsoft will never cold-call you through Teams
Your bank, vendor, or software provider won't either
If someone claims to be support, hang up and call the official number yourself

Train everyone who answers:

Anyone with Teams access needs to know this attack exists
The rule is simple: never grant remote access to an inbound caller, period

What To Do If You Get One of These Calls

End the call immediately. Don't engage, don't argue, don't try to waste their time. Block the user in Teams by right-clicking their name. Report the incident by going to the chat, clicking the three dots, and selecting "Report this message."

If you accidentally granted access, disconnect from the internet immediately, change all passwords from a different device, and scan for newly installed software—particularly remote access tools.

The One Rule That Stops This Cold

Legitimate support never initiates contact asking for remote access. Ever. If you didn't open a ticket, start a chat, or call them first, it's not real. Build this into your operations as non-negotiable policy.

0 comments

Fractional IT

skool.com/fractional-it

IT resources for home offices, small offices and small businesses that don't want or don't need dedicated IT Support.

Leaderboard (30-day)