{"id":8671,"date":"2026-07-07T21:20:43","date_gmt":"2026-07-07T21:20:43","guid":{"rendered":"https:\/\/cybersecurityinfocus.com\/?p=8671"},"modified":"2026-07-07T21:20:43","modified_gmt":"2026-07-07T21:20:43","slug":"watch-out-for-fake-support-calls-in-microsoft-teams","status":"publish","type":"post","link":"https:\/\/cybersecurityinfocus.com\/?p=8671","title":{"rendered":"Watch out for fake support calls in Microsoft Teams"},"content":{"rendered":"<div>\n<div class=\"grid grid--cols-10@md grid--cols-8@lg article-column\">\n<div class=\"col-12 col-10@md col-6@lg col-start-3@lg\">\n<div class=\"article-column__content\">\n<div class=\"container\"><\/div>\n<p>Palo Alto Networks\u2019 security division, Unit 42, is <a href=\"https:\/\/github.com\/PaloAltoNetworks\/Unit42-timely-threat-intel\/blob\/main\/2026-06-28-Fake-IT-support-abuses-Teams-to-deliver-EtherRAT.txt\">warning of yet another campaign targeting Microsoft Teams users<\/a>.<\/p>\n<p>The new campaign begins with Teams users receiving an email asking if they would like to participate in a survey. If they open the attached PDF file, they will shortly thereafter receive a voice call purporting to be from Microsoft Support.<\/p>\n<p>The fake support representative then attempts to gain permission to install a remote access tool, and in the process, Ether RAT \u2014 a Trojan that gives the scammers full access to the affected computer \u2014 is also installed.<\/p>\n<p>After that, it\u2019s a simple matter to steal sensitive data and files from users, reports <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/fake-it-support-calls-on-microsoft-teams-push-etherrat-malware\/\">Bleeping Computer<\/a>.<\/p>\n<p>In other words, there\u2019s every reason to be on guard against both email surveys and support calls.<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>Palo Alto Networks\u2019 security division, Unit 42, is warning of yet another campaign targeting Microsoft Teams users. The new campaign begins with Teams users receiving an email asking if they would like to participate in a survey. If they open the attached PDF file, they will shortly thereafter receive a voice call purporting to be [&hellip;]<\/p>\n","protected":false},"author":0,"featured_media":8672,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-8671","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-education"],"_links":{"self":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/8671"}],"collection":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=8671"}],"version-history":[{"count":0,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/8671\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/media\/8672"}],"wp:attachment":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=8671"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=8671"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=8671"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}