Attackers abuse Microsoft Teams to impersonate the IT helpdesk in a new enterprise intrusion playbook

Attackers are using Microsoft Teams' external access feature to impersonate IT helpdesk staff and convince employees to grant remote control access, exploiting the fact that collaboration platforms enable real-time, convincing interactions. Unlike traditional phishing, this technique leverages social engineering within trusted communication channels to bypass standard malware detections by obtaining user-approved access. The attack reflects an evolution of social engineering tactics that takes advantage of cross-tenant communication capabilities (features allowing external users to contact employees across different organizations) and the growing role of collaboration tools in workplace communication.