What you need to know
- A new report from Avanan indicates that not all organizations and their employees are taking proper precautions when it comes to screening content shared via Microsoft Teams.
- The report reiterates that just like many do with emails, it's a good idea to double-check who your Teams files are coming from and what they contain.
A new report from Avanan is making the rounds, reminding Microsoft Teams users to ensure everything's on the up-and-up before accepting files from chats on the platform. Because, just like with emails, malicious items can be distributed in unsuspecting forms designed to catch you off guard.
The report indicates that, since January 2022, Avanan has seen thousands of attacks taking place over Teams chats, wherein malicious executables are distributed by spoofed or compromised accounts in order to laterally invade userbases (via WinFuture). The executables in question are Trojans that infect and take over PCs.
Threat actors can invade peoples' Teams accounts via any of the routes used to invade any type of online account, including credential theft from previous phishing attacks (Microsoft 365 and email credentials are favorite targets).
While a lone report isn't always indicative of life-or-death issues and, in Avanan's case, certain details are left ambiguous as to just how serious the problem really is, the general public service announcement underscoring the findings is an important one: Don't assume a file is safe just because it was sent via Teams. Some people may treat content disseminated through the platform as above reproach unlike, say, an email attachment, but such things should be treated with equal scrutiny.
Robert Carnevale is the News Editor for Windows Central. He's a big fan of Kinect (it lives on in his heart), Sonic the Hedgehog, and the legendary intersection of those two titans, Sonic Free Riders. He is the author of Cold War 2395. Have a useful tip? Send it to firstname.lastname@example.org.
A small, but useful tip: If you mouse over embedded links in a Teams-chat you can see the real url. That will give you the chance to decide whether the shared link comes from your own tenant or not. Shared links from Office files often comes as embedded links (the link is showed as the filename), so it is a good practice to check the url before clicking
Definitely always check URLs before clicking. That won't save you 100% of the time, but it's a good tip nonetheless.
Get the best of Windows Central in in your inbox, every day!
Thank you for signing up to Windows Central. You will receive a verification email shortly.
There was a problem. Please refresh the page and try again.