For years, most small businesses have focused on suspicious emails. That still matters, but attackers are starting to use other channels that feel more normal in day-to-day work.
One of the most evident examples in 2026 is Microsoft Teams. Instead of sending fraudulent emails, attackers are now utilizing chat messages, voice calls, and deceptive support conversations to manipulate employees into trusting them. In some instances, they impersonate internal IT support, while in others, they employ external accounts or urgent messages to prompt users to click, approve access, or share information hastily.
Microsoft reported in March 2026 that an investigation revealed a compromise that began with repeated voice phishing calls via Microsoft Teams. In these calls, the attacker impersonated IT support and ultimately convinced a user to grant remote access.
Rapid7 reported in March 2026 that its team was observing a rise in phishing campaigns where attackers impersonated internal IT departments via Microsoft Teams. More recently, reports of Microsoft Teams abuse have linked the platform to social-engineering-driven credential theft and subsequent attacks.
This is important because Teams is perceived as a reliable work tool. When a call or message comes in during a hectic day, employees might assume it is genuine simply because it appears on a business platform they regularly use.
For a small business, a single impactful Teams call can cause significant harm.
If an attacker convinces an employee to approve remote access, share a login code, install a tool, or trust a fraudulent support request, the consequences can include account compromise, unauthorized file access, payment fraud, or business downtime. A significant security breach is not necessary for disruption to occur; even a single staff member in accounting, operations, scheduling, or customer service can become the weak link.
Smaller teams are particularly vulnerable because team members often take on multiple roles. When everyone is busy, a quick call from "support" may seem helpful rather than suspicious.
Team-based scams are effective because they evoke a sense of immediacy and personal connection.
A fake email can often be disregarded, but a live call is more difficult to ignore. Attackers understand that a voice conversation creates pressure and reduces skepticism. If they sound calm, knowledgeable, and urgent, they can lead a user to make a poor decision much more quickly than a simple phishing message.
This reflects a broader trend in cybercrime: attackers are increasingly utilizing trusted business tools and realistic work scenarios rather than relying on clumsy, obvious scams.
Small businesses shouldn't stop using Teams; instead, they need to develop better habits for using it.
A hot, noisy, or fast-draining laptop can slow down daily business work. Learn simple checks…
AI agents can help small businesses automate work, but they need the right permissions and…
Phishing attacks are becoming more focused and convincing. Learn what Orlando small businesses can do…
Choppy Microsoft Teams calls are often a network issue, not just a computer issue. Learn…
Microsoft’s Quick Machine Recovery feature can help some Windows 11 PCs recover from serious startup…
A new ransomware campaign is using fake Interpol investigation emails to scare small businesses into…