Microsoft Teams is finally introducing a spam and phishing alert - here’s what you need to know

News
By published

External phishing warnings have arrived

Microsoft Teams
(Image credit: Shutterstock / monticello)
  • Microsoft Teams is finally introducing a phishing alert function
  • The feature will be generally available in mid-February 2025
  • Hackers have been abusing external comms to hit organizations with malware and ransowmare

Microsoft Teams has long been a favorite target for hackers looking to infiltrate organizations by impersonating brands or network administrators, but that is all finally about to change.

Numerous threat actors have abused external access, with one Russian group ‘bombing’ a user's email inbox with thousands of emails before pretending to be an IT support worker calling to help fix the spam, before gaining remote access and deploying malware.

A phishing warning for external messages has therefore been a long time coming, with the feature set to be introduced by Microsoft in mid-February 2025.

Phishing detector

The phishing threat alert was first rumoured in October 2024 in the Microsoft 365 roadmap, with a subsequent advisory added to the Microsoft 365 service update page stating the system would be generally available around mid-February 2025.

“This rollout will happen automatically by the specified date with no admin action required before the rollout. You may want to update any relevant documentation. We recommend that you educate your users on what the new high-risk Accept/Block screen means and remind users to proceed with caution.”

Phishing checks will happen every time a user receives a message from an external source for the first time, Microsoft added, further explaining that an ‘Accept or block’ prompt will appear over suspicious chats, with the user being reminded to recognize that the message could be phishy if they choose to click accept.

External access can be disabled in the Microsoft Teams Admin Center, preventing risky external communications entirely, but those who regularly need to use external messaging will have to remain extra vigilant until mid-February. Microsoft recommends that organizations train their employees to spot and report suspicious phishing emails and messages.

Via BleepingComputer

You might also like

Benedict Collins
Benedict Collins
Senior Writer, Security

Benedict has been with TechRadar Pro for over two years, and has specialized in writing about cybersecurity, threat intelligence, and B2B security solutions. His coverage explores the critical areas of national security, including state-sponsored threat actors, APT groups, critical infrastructure, and social engineering.

Benedict holds an MA (Distinction) in Security, Intelligence, and Diplomacy from the Centre for Security and Intelligence Studies at the University of Buckingham, providing him with a strong academic foundation for his reporting on geopolitics, threat intelligence, and cyber-warfare.

Prior to his postgraduate studies, Benedict earned a BA in Politics with Journalism, providing him with the skills to translate complex political and security issues into comprehensible copy.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.