With cyber threats evolving rapidly, it’s essential for businesses to stay informed and proactive in safeguarding their networks. A recent tactic targeting businesses is particularly crafty: attackers posing as IT support on Microsoft Teams. This form of social engineering allows cybercriminals to gain access to sensitive data and systems by tricking employees into providing remote access to their devices. Here’s how it works and what you can do to protect your business.
Understanding the Attack: How Fake IT Support Scams Work
- Email Overload to Cause Confusion: The attackers’ plan begins by overwhelming the targeted employee’s inbox with thousands of emails. These aren’t the usual phishing emails with malicious links. Instead, they are innocuous emails, such as newsletters and account confirmations. The sheer volume of these messages is designed to confuse and frustrate the recipient, creating a sense of urgency.
- Impersonation on Microsoft Teams: Once the employee’s inbox is flooded, attackers exploit the confusion by posing as IT support on Microsoft Teams. Using fake external accounts with names like “supportadmin[.]onmicrosoft.com” or “securityhelper[.]onmicrosoft.com,” they reach out through chat, appearing as legitimate help desk contacts offering assistance with the “email issue.”
- Convincing Tactics: Attackers often include terms like “Help Desk” in their profiles to appear trustworthy and legitimate. They may even add employees to private one-on-one chats, enhancing the illusion that the employee is dealing with internal IT staff.
- Phishing for Remote Access: In these chats, attackers may send links, QR codes, or other prompts to “fix” the problem. If the employee complies, they may be tricked into installing or launching remote access tools such as AnyDesk or Microsoft’s Quick Assist. With this access, attackers can install persistent backdoor software, allowing them to continue accessing the network long after the initial attack.
- The Endgame: Full Network Compromise: Once in, attackers can spread to other systems, steal data, escalate privileges, or even install ransomware, putting the entire network and data at risk.
How Businesses Can Stay Protected
- Restrict External Communication on Microsoft Teams: One simple yet effective measure is to limit or entirely restrict messages from unknown external users on Teams. Many MSPs recommend allowing communications only from verified or trusted domains, especially if external communications are necessary.
- Enable Logging and Monitor Activity: Ensure activity logging is enabled, particularly for Teams events such as new chat creation. Reviewing these logs regularly helps detect unusual or unauthorised activity, such as unexpected chats with IT “help desk” profiles.
- Educate Employees on Social Engineering: It’s essential to train your employees to recognise the signs of social engineering attacks. Remind them that legitimate IT staff will rarely send QR codes or unsolicited requests for remote access in Teams chats. Encourage them to verify the sender’s identity by contacting IT directly if they receive a suspicious request.
- Implement Endpoint Security and Anti-Malware Tools: A robust cybersecurity setup can detect and stop unauthorised software before it becomes a problem. Anti-malware tools and endpoint security solutions are especially useful here, as they can block or flag potentially harmful software that attackers may attempt to install.
- Regular Security Audits and Phishing Simulations: Schedule regular security audits and consider conducting phishing simulations to keep your employees prepared. Simulations can reinforce good habits, helping employees spot fake IT requests more easily and stay alert to potential threats.
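The log review described under "Enable Logging and Monitor Activity" can be partly automated. The following is an added example, not code from this article or from Microsoft: it scores chat-creation records against the signals described above (external sender, onmicrosoft.com domain, IT-themed display name, one-on-one chat) and checks whether the recipient's inbox was flooded shortly beforehand. The record layout, domains, thresholds and sample data are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Assumed, simplified layout (constructed for this example); map your own
# Teams chat-creation audit export and hourly inbound-mail counts onto it.
INTERNAL = {"example.com"}            # hypothetical tenant domain
TRUSTED = {"partner.example.net"}     # hypothetical external allow-list
LURES = ("help desk", "helpdesk", "support", "admin", "security")
FLOOD_PER_HOUR = 500                  # assumed threshold
FLOOD_WINDOW = timedelta(hours=3)     # assumed gap between flood and chat

EVENTS = [  # constructed: (time, chat_type, initiator, display_name, target)
    ("2024-11-04T10:40:00", "one_on_one", "helpdesk@supportadmin.onmicrosoft.com", "IT Help Desk", "alice@example.com"),
    ("2024-11-04T10:45:00", "one_on_one", "bob@example.com", "Bob (IT Support)", "alice@example.com"),
    ("2024-11-04T11:00:00", "group", "sam@partner.example.net", "Sam Support", "carol@example.com"),
    ("2024-11-04T11:05:00", "group", "jo@vendor.example.org", "Jo Smith", "carol@example.com"),
]
SPIKES = [("alice@example.com", "2024-11-04T09:00:00", 3200)]  # constructed

def score_chat(ev, spikes):
    """List the reasons one chat-creation event matches the fake-IT pattern."""
    when, chat_type, initiator, name, target = ev
    dom = initiator.rsplit("@", 1)[-1].lower()
    if dom in INTERNAL or dom in TRUSTED:
        return []
    reasons = ["external initiator not on allow-list"]
    if dom.endswith(".onmicrosoft.com"):
        reasons.append("default onmicrosoft.com tenant domain")
    if any(w in name.lower() for w in LURES):
        reasons.append("IT-themed display name")
    if chat_type == "one_on_one":
        reasons.append("private one-on-one chat")
    for recipient, hour, count in spikes:
        gap = datetime.fromisoformat(when) - datetime.fromisoformat(hour)
        if (recipient == target and count >= FLOOD_PER_HOUR
                and timedelta(0) <= gap <= FLOOD_WINDOW):
            reasons.append("target inbox flooded shortly before")
            break
    return reasons

def triage(events, spikes, min_reasons=3):
    """Return (target, initiator, reasons) for chats that need review."""
    scored = ((ev[4], ev[2], score_chat(ev, spikes)) for ev in events)
    return [hit for hit in scored if len(hit[2]) >= min_reasons]

if __name__ == "__main__":
    for target, initiator, reasons in triage(EVENTS, SPIKES):
        print(target, "<-", initiator, "|", "; ".join(reasons))
```

Only the first sample record is flagged. Internal and allow-listed senders are skipped entirely, so this check does not cover a compromised internal account.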
How We Can Help
As an MSP, we specialise in helping businesses strengthen their defences against ever-evolving cyber threats. Our services include:
- Customised Security Policies: We work with you to set up and enforce security policies that protect your network.
- Employee Security Awareness Training: We teach your team how to recognise and respond to social engineering through workshops and ongoing training.
- 24/7 Network Monitoring and Incident Response: With around-the-clock monitoring, we quickly detect and respond to suspicious activity to keep your network safe.
Final Thoughts
Cybercriminals are constantly looking for creative ways to access business networks. Understanding these threats and taking proactive steps can make your business a more challenging target for attackers. If you’re concerned about your business’s cybersecurity, we’re here to help. Contact us today to learn more about protecting your network and data from the latest threats.