Our Gallery

Contact Info

Twitter Facebook-f Linkedin-in Instagram

Cyber Blog

blog
0 Comments

Bugs in Microsoft Teams Could Let Attackers Pretend to Be Your Coworkers

Recent research has uncovered several serious flaws in the widely used communication platform Microsoft Teams that could allow attackers to trick people by pretending to be trusted colleagues, and even to change messages without anyone knowing.

Here’s what happened in simple terms:

  • Four separate issues were discovered that affect both inside users (employees) and guest or external users collaborating via Teams.
  • In one flaw, a malicious actor could send a message and later edit its content, yet the message would not show the usual “Edited” label—which means the recipient might believe the message is untouched and genuine.
  • In another, an attacker could spoof the sender’s name, making it look like a senior leader or trusted person sent the message, thereby increasing the chance that the recipient will click a link or comply with a request.
  • The bugs also made it possible to change how chat displays appeared (for example, making one-on-one chats appear as if they were from someone else) or forge caller identities in voice/video calls—so you might think you’re talking to a trusted coworker when you’re actually talking to an attacker.
  • These flaws were responsibly reported to Microsoft, and the company has since issued patches to fix them across affected versions.

Why this matters

For organizations that rely on Teams for daily collaboration, these issues strike at the heart of trust: if you cannot be sure who sent a message or that the message hasn’t been tampered with, you’re vulnerable to fraud, data theft, or malicious actions disguised as legitimate team communication. Everyone—from regular users to executives—is potentially at risk.

What you can do

  • Make sure your Teams application (desktop, mobile, web) is fully updated with the latest patches.
  • Be extra cautious when you receive urgent requests via chat or call—even if it looks like it’s from a colleague or leader.
  • Train staff to slow down before clicking links or responding to messages, especially those that ask for sensitive actions or information.
  • Consider adding extra verification for requests that involve sensitive data, financial transfers, or external collaborators.