Beware! Hackers Are Abusing Teams Notifications to Run Callback Phishing Scam

December 6, 2025 admin

If you use Microsoft Teams, you need to stay vigilant because an ongoing phishing attack is trageting users by abusing Teams’ official notification system. As reported by security research firm SpiderLabs, the attackers send deceptive messages that appear genuine. Apparently, that’s done by bypassing usual email filters, which can even fool careful users sometimes.

How attackers trick victims

The scam begins with invites to malicious Teams groups that use convincing names. You may receive fake notifications for PayPal payments, auto-renewal charges, or invoice disputes. Once a user is added to the suspicious group, the platform automatically generates a notification email from [email protected]. That’s a sender domain trusted by both users and security systems.

These emails contain urgent instructions, which make the victim call a support number if they did not authorize the transaction. The psychological pressure kicks in, after all, we are humans.

Victims feel they must act fast and make calls to reported phone numbers, including 1-983-220-2463, 1-810-221-5391, and 1-805-331-8539. When users call, scammers pose as support staff and attempt to extract sensitive details, including login credentials, payment info, or even remote access to devices.

The campaign is especially effective because it bypasses regular phishing detection, which usually flags suspicious links or attachments rather than phone-based social engineering. Security researchers recommend using multi-layered defenses to curb this phishing attack.

How to stay safe

If you’re the owner of a business, you must monitor Teams logs for newly created unusual groups or naming patterns, and email filters should flag Teams notifications with extra scrutiny. Meanwhile, individual users must always double-check unexpected charges through official channels rather than calling numbers in unsolicited messages. Moreover, administrators can also implement governance rules to restrict group naming and track unusual activity.

via: Cyber Press

Rishaj Upadhyay

News Editor

Rishaj is a tech writer who has been writing professionally for over four years, with a passion for Android, Windows, and all things tech. He initially joined Windows Report as a tech journalist and is now taking over as a news editor. When he’s not breaking the keyboard, you can find him cooking, or listening to music/podcasts.