September 1, 2021

Microsoft Teams – Massive Phishing Attack Surface by Default?


Hello all,

I just learned that Teams is set to ‘[Open Federation](https://docs.microsoft.com/en-us/microsoftteams/manage-external-access)’ by default, allowing *any* external org to send chat messages directly to internal users. “Safe Links” is an MS URL detonation technology that is available for Teams, but it is also [disabled by default](https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/safe-links?view=o365-worldwide).

Am I missing something, or is this a **monumental** phishing attack surface?

Seems like it would be trivial for an attacker to stand up a Teams tenant and reach out to users at random pretending to be IT. Does anyone know if the same technologies applied to Outlook email protection are also applied to Teams? To my knowledge, I have not yet seen phishing awareness training that covers Teams, or the possibility of being contacted by an external attacker directly.

Anyone have experience running a Teams phishing incident?

-beef
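The two defaults the post is asking about can be read (and tightened) from PowerShell. The script below is an added example, not part of the original post: it reports whether the tenant is in open federation, whether a Safe Links policy covers Teams, and, with `-Enforce`, restricts federation to an allow list and turns Safe Links on for Teams. It assumes the MicrosoftTeams and ExchangeOnlineManagement modules are installed and that the caller holds Teams and Exchange admin roles; the partner domains and the policy name are placeholders, and the `AllowAllKnownDomains` type-name check is my reading of the cmdlet's output, so verify it against your own tenant before trusting the `OpenFederation` flag.

```powershell
# Added example (not from the original post): audit and optionally harden the
# Teams external-access and Safe Links settings discussed above.
# Assumes admin rights plus the MicrosoftTeams and ExchangeOnlineManagement modules.
#Requires -Modules MicrosoftTeams, ExchangeOnlineManagement

param(
    # Report only by default; pass -Enforce to apply the changes.
    [switch]$Enforce,
    # Placeholder partner domains that should keep federation (assumption).
    [string[]]$PartnerDomains = @('partner-one.example', 'partner-two.example'),
    # Placeholder Safe Links policy name (assumption).
    [string]$SafeLinksPolicy = 'Default'
)

Connect-MicrosoftTeams | Out-Null
Connect-ExchangeOnline -ShowBanner:$false

# --- 1. Federation posture ---------------------------------------------------
$fed = Get-CsTenantFederationConfiguration

# With open federation, AllowedDomains is the AllowAllKnownDomains object rather
# than an explicit AllowList (assumption about the type name; check your output).
$allowsAllDomains = $fed.AllowedDomains.GetType().Name -eq 'AllowAllKnownDomains'
$openFederation   = $fed.AllowFederatedUsers -and $allowsAllDomains

[pscustomobject]@{
    AllowFederatedUsers = $fed.AllowFederatedUsers   # any other Teams org can chat in
    AllowPublicUsers    = $fed.AllowPublicUsers      # Skype consumer accounts
    AllowTeamsConsumer  = $fed.AllowTeamsConsumer    # personal (consumer) Teams accounts
    AllowsAllDomains    = $allowsAllDomains
    BlockedDomainCount  = @($fed.BlockedDomains).Count
    OpenFederation      = $openFederation            # $true: anyone can message your users
} | Format-List

if ($openFederation) {
    Write-Warning 'Tenant is in open federation: any external org can DM internal users.'
}

if ($Enforce) {
    # Replace "allow everything" with an explicit allow list of partner domains.
    $patterns  = $PartnerDomains | ForEach-Object { New-CsEdgeDomainPattern -Domain $_ }
    $allowList = New-CsEdgeAllowList -AllowedDomain $patterns
    Set-CsTenantFederationConfiguration -AllowedDomains $allowList `
        -AllowPublicUsers $false -AllowTeamsConsumer $false
    Write-Host "Federation restricted to: $($PartnerDomains -join ', ')"
}

# --- 2. Safe Links for Teams --------------------------------------------------
$sl = Get-SafeLinksPolicy -Identity $SafeLinksPolicy -ErrorAction SilentlyContinue

if (-not $sl) {
    # No policy at all is the stock state the post describes: Teams URLs are not rewritten.
    Write-Warning "No Safe Links policy named '$SafeLinksPolicy'; Teams links are unprotected."
}
else {
    [pscustomobject]@{
        Policy                  = $sl.Name
        EnableSafeLinksForTeams = $sl.EnableSafeLinksForTeams
        ScanUrls                = $sl.ScanUrls
        DeliverMessageAfterScan = $sl.DeliverMessageAfterScan
    } | Format-List

    # A policy only applies to the recipients its rule is scoped to.
    Get-SafeLinksRule | Where-Object { $_.SafeLinksPolicy -eq $sl.Name } |
        Select-Object Name, State, RecipientDomainIs, SentTo, SentToMemberOf | Format-List

    if ($Enforce -and -not $sl.EnableSafeLinksForTeams) {
        Set-SafeLinksPolicy -Identity $sl.Identity -EnableSafeLinksForTeams $true
        Write-Host "Enabled Safe Links for Teams on policy '$($sl.Name)'."
    }
}
```

Run it once without `-Enforce` to see where the tenant stands; if `OpenFederation` is `$true` and no Safe Links policy covers Teams, the scenario in the post (an outside tenant messaging your users with an unscanned link) is exactly what the configuration permits. Note that an allow list only narrows who can federate; users in the allowed partner domains can still be compromised, so the Safe Links step matters even after federation is restricted.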
