The Next Phishing Threat Small Businesses Should Watch Out For: Microsoft Teams Calls

Phishing is no longer staying in the inbox.

For years, most small businesses have focused on suspicious emails. That still matters, but attackers are starting to use other channels that feel more normal in day-to-day work.

One of the most evident examples in 2026 is Microsoft Teams. Instead of sending fraudulent emails, attackers are now utilizing chat messages, voice calls, and deceptive support conversations to manipulate employees into trusting them. In some instances, they impersonate internal IT support, while in others, they employ external accounts or urgent messages to prompt users to click, approve access, or share information hastily.

What is happening right now

Microsoft reported in March 2026 that an investigation revealed a compromise that began with repeated voice phishing calls via Microsoft Teams. In these calls, the attacker impersonated IT support and ultimately convinced a user to grant remote access.

Rapid7 reported in March 2026 that its team was observing a rise in phishing campaigns where attackers impersonated internal IT departments via Microsoft Teams. More recently, reports of Microsoft Teams abuse have linked the platform to social-engineering-driven credential theft and subsequent attacks.

This is important because Teams is perceived as a reliable work tool. When a call or message comes in during a hectic day, employees might assume it is genuine simply because it appears on a business platform they regularly use.

Why this matters for small businesses

For a small business, a single impactful Teams call can cause significant harm.

If an attacker convinces an employee to approve remote access, share a login code, install a tool, or trust a fraudulent support request, the consequences can include account compromise, unauthorized file access, payment fraud, or business downtime. A significant security breach is not necessary for disruption to occur; even a single staff member in accounting, operations, scheduling, or customer service can become the weak link.

Smaller teams are particularly vulnerable because team members often take on multiple roles. When everyone is busy, a quick call from "support" may seem helpful rather than suspicious.

Why these scams work

Team-based scams are effective because they evoke a sense of immediacy and personal connection.

A fake email can often be disregarded, but a live call is more difficult to ignore. Attackers understand that a voice conversation creates pressure and reduces skepticism. If they sound calm, knowledgeable, and urgent, they can lead a user to make a poor decision much more quickly than a simple phishing message.

This reflects a broader trend in cybercrime: attackers are increasingly utilizing trusted business tools and realistic work scenarios rather than relying on clumsy, obvious scams.

What small businesses should do now

Small businesses shouldn't stop using Teams; instead, they need to develop better habits for using it.

• Train employees to be cautious with unexpected Teams calls, chats, and support requests.
• Make it a policy that no one grants remote access or shares login codes during an unverified call.
• Create a simple internal rule for verifying IT requests through a second channel.
• Review external communication settings in Teams and reduce unnecessary exposure where practical.
• Use multifactor authentication and stronger sign-in methods across Microsoft 365 accounts.
• Make sure employees know that urgency is often part of the scam.

Source Links

• Microsoft Security Blog: https://www.microsoft.com/en-us/security/blog/2026/03/16/help-on-the-line-how-a-microsoft-teams-support-call-led-to-compromise/
• Rapid7: https://www.rapid7.com/blog/post/dr-guidance-on-observed-microsoft-teams-phishing-campaigns
• The Hacker News: https://thehackernews.com/2026/05/muddywater-uses-microsoft-teams-to.html
• Reddit small business discussion: https://www.reddit.com/r/smallbusiness/comments/1r0m653/got_phished_through_microsoft_teams_not_email/