Rising Scam Targets Remote Workers via Microsoft Teams
A new wave of cyberattacks is targeting employees working remotely, leveraging Microsoft Teams as an initial point of contact. The scam involves unsolicited calls presented as technical support, possibly leading to meaningful data breaches and financial extortion.
The deception begins with an unexpected call request within Microsoft Teams. The caller, posing as Help Desk or another form of IT assistance, typically communicates in English and claims the employee’s computer is experiencing technical issues. The core of the scam lies in a request for remote access, specifically asking the employee to install and run programs like AnyDesk or Rapid Assist.
What makes this scam particularly effective is Teams’ functionality allowing connections from external organizations.This creates a veneer of legitimacy, as the call appears to originate directly within the company’s dialogue platform.
According to reporting by ilta-sanomat, the pattern is consistent: employees receive an unexpected call via Teams, and the caller attempts to gain access to the corporate system under the guise of technical support. Key indicators of the scam include:
The caller identifies themselves as Help Desk or a similar technical support role.
Communication is conducted in English.
The caller alleges technical problems with the employee’s computer.
A request is made to use remote access software like AnyDesk or Quick Assist.
* The request for access is presented with minimal restrictions.
The Consequences of Granting Access
Allowing the scammer remote access is extremely dangerous. once connected,the attacker gains complete control of the compromised computer. This allows them to access sensitive data and, critically, download malware – frequently enough ransomware – for extortion purposes.Here’s a breakdown of the scam’s progression:
| Phase | Description |
|—|—|
| Initial Contact | Unsolicited call request within Microsoft Teams |
| Impersonation | Caller presents themselves as Help Desk or technical support |
| Language | Communication in English |
| Pretext | Claim of technical issues on the employee’s computer |
| Access Request | Request to use AnyDesk or Quick Assist for remote connection |
| Outcome (if granted) | Full system control, data access, and potential malware installation for extortion |
Experts emphasize that granting remote access in these scenarios presents a “total risk.” Rejecting the request is the crucial first step in preventing a prosperous attack and safeguarding company data.
