If there may be one company this is focused by way of scammers greater than any person else, it’s Microsoft. From buyer make stronger scams to impersonation and phishing assaults, the corporate’s products and services are repeatedly underneath danger. Not too long ago, even Russia-sponsored hackers controlled to breach Microsoft and thieve delicate knowledge.
Whilst Microsoft products and services as an entire are high goals, one that stands proud is Groups. The collaboration device is utilized by greater than 300 million other folks international, making it a goldmine for attackers. Hackers are the use of it to unfold phishing, vishing and quishing campaigns, depending on social engineering ways to trick sufferers into sharing personal and delicate information.
GET SECURITY ALERTS, EXPERT TIPS – SIGN UP FOR KURT’S NEWSLETTER – THE CYBERGUY REPORT HERE
Microsoft Groups app on house display of smartphone (Kurt “CyberGuy” Knutsson)
The emerging assaults on Microsoft Groups customers
Cybercriminals are more and more focused on Microsoft Groups customers with sophisticated attack methods. One such methodology comes to malicious GIF photographs that exploit worm-like vulnerabilities, permitting attackers to take over accounts and infiltrate chat classes when the picture is opened.
Hackers additionally insert malware-laden information into chat threads, tricking customers into downloading DLL information that allow device takeover. Phishing campaigns leverage compromised accounts or domain names to ship misleading invites, luring sufferers into downloading damaging information.
Some attackers use e-mail bombing and vishing, posing as tech make stronger to crush customers with unsolicited mail emails sooner than tricking them into granting faraway get entry to. Compromised e-mail addresses and stolen Microsoft 365 credentials supply every other access level for unauthorized get entry to.
Plus, exterior get entry to settings in Microsoft Groups, which continuously permit out of doors customers to begin chats or conferences, will also be exploited if now not correctly limited. Any other not unusual tactic is sending phishing hyperlinks thru Groups chats, continuously disguised as invoices or fee notifications, resulting in ransomware infections.
A lady sporting a Microsoft computer (Kurt “CyberGuy” Knutsson)
9 WAYS SCAMMERS CAN USE YOUR PHONE NUMBER TO TRY TO TRICK YOU
Beware of pretend jobs as smartly
Scammers were working faux process schemes for some time, however their ways stay evolving. In recent times, I reported how fake job emails are being used to install crypto mining software that slows down computer systems. Now, they’re the use of Microsoft Groups chat to trick other folks.
It most often begins with an e-mail a few process adopted by way of a proposal to do the interview over Groups. The primary crimson flag is that all of the interview occurs over chat without a video and no name. After that, you’re “employed” and requested to publish your main points, continuously thru a Google Document inquiring for non-public information like your social safety or tax quantity. Some sufferers are even requested to shop for apparatus for the process, pay a hiring rate or acquire reward playing cards, which might be vintage indicators that the entire thing is a rip-off.
A lady operating on her Microsoft computer (Kurt “CyberGuy” Knutsson)
SPOTIFY PLAYLISTS ARE BEING HIJACKED TO PROMOTE PIRATED SOFTWARE AND SCAMS
6 techniques you’ll be able to keep secure from scammers focused on Microsoft Groups
1) Keep away from opening suspicious hyperlinks and attachments: Be wary of unsolicited hyperlinks or attachments, particularly in chat messages or emails. Cybercriminals continuously use those to ship malware or phishing hyperlinks. By no means click on on hyperlinks that appear abnormal or come from unknown resources.
The easiest way to safeguard your self from malicious hyperlinks that set up malware, doubtlessly getting access to your personal knowledge, is to have antivirus instrument put in on your entire units. This coverage too can warn you to phishing emails and ransomware scams, retaining your own knowledge and virtual property secure. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices.
2) Test for crimson flags in process provides: In case you obtain a role be offering that turns out too excellent to be true or comes to an interview performed solely by the use of chat without a telephone name or video assembly, it is most likely a rip-off. Authentic firms normally habits interviews the use of more than one kinds of communique.
A role be offering that insists on handiest text-based conversations is a significant crimson flag. Different caution indicators come with being requested to offer non-public knowledge thru Google Medical doctors, being requested to pay for apparatus, paying charges to protected the process or buying reward playing cards as a part of the hiring procedure.
3) Use sturdy, distinctive passwords: Make certain your Microsoft 365 and different accounts are safe with sturdy passwords. Imagine the use of two-factor authentication so as to add an additional layer of coverage in opposition to unauthorized get entry to. Additionally, you could wish to use a password manager to generate and retailer complicated passwords.
4) Be wary with non-public knowledge: By no means percentage delicate non-public main points, like social safety numbers or tax knowledge, thru unsecured or unsolicited channels, similar to Google Medical doctors or messages on Groups. At all times examine the legitimacy of such requests.
5) Record suspicious task: In case you understand any suspicious task for your Microsoft Groups account or obtain abnormal process provides, file it instantly. Urged motion can save you a possible breach or additional compromise. Notify your IT division or related government so they are able to examine and take suitable measures.
6) Check IT make stronger requests: Be wary of unsolicited messages or calls claiming to be from IT make stronger, particularly the ones asking you to put in instrument or grant faraway get entry to. Cybercriminals continuously impersonate IT group of workers to deploy ransomware or thieve delicate information. At all times examine such requests together with your exact IT division sooner than taking any motion. If unsure, touch your IT group at once the use of legitimate channels, now not in the course of the message or name you won.
ENERGY-SAVING SCAM USES ELON MUSK’S NAME – HERE’S THE TRUTH
Kurt’s key takeaway
Scammers and hackers don’t seem to be slowing down, so staying sharp is the one approach to keep forward. If one thing feels off, like a role that sounds too excellent to be true, a random Groups message with a sketchy hyperlink or an interview this is only a chat, consider your instincts. You must all the time watch out with exterior messages and invitations that you simply to obtain on Microsoft Groups. Although it sort of feels adore it is from anyone you understand, it’s best to double-check, particularly if it comes to a document, a hyperlink or a call for participation to a talk you weren’t anticipating to obtain.
Will have to Microsoft be doing extra to forestall phishing and impersonation scams on Groups? Tell us by way of writing us at Cyberguy.com/Contact.
For extra of my tech pointers and safety signals, subscribe to my loose CyberGuy Record E-newsletter by way of heading to Cyberguy.com/Newsletter.
Ask Kurt a question or let us know what stories you’d like us to cover.
Apply Kurt on his social channels:
Solutions to probably the most requested CyberGuy questions:
New from Kurt:
Copyright 2025 CyberGuy.com. All rights reserved.
