IT News

New Threat to Microsoft Teams – Criminals Using "External" Contact to Attach Malicious Files in Messages

A new tool, dubbed "TeamsPhisher," gives cybercriminals a way to leverage a security vulnerability in Microsoft Teams and automatically deliver malicious files to targeted Teams users in an organization. By impersonating legitimate external contacts or creating fake accounts, cybercriminals are sending messages containing infected attachments, aiming to deceive users into opening them—potentially leading to malware infections and data breaches.

If you weren't expecting it, don't accept it!

In light of the unresolved vulnerability, at this time, we highly discourage communications with external users/tenants, if not expected and/or required. By limiting interactions with external accounts, we can reduce the risk of falling victim to TeamsPhisher attacks.

Microsoft is aware of this issue, and encourages customers to practice good computing habits online, including exercising caution when clicking on links to web pages, opening unknown files, or accepting file transfers.

Below you'll find an example of what a message request from an external user looks like. If you receive a similar notification via Microsoft Teams, and you were not expecting it, DO NOT accept the request.

If you are ever a victim of this type of attack, or if you have any questions or concerns, please contact the IT Service Desk – Coral Gables/Marine: 305-284-6565 or; UHealth/MSOM: 305-243-5999 or

Last Updated: July 2023