A new combination ransomware threat involves malicious actors first email bombing then posing as tech support via Microsoft Teams. More than 15 incidents using these tactics have been observed by Sophos MDR in the past three months. In order to successfully pose as IT support, the attackers spam the targeted employee’s inbox with a large number of messages. Then, the employee receives a call from tech support through Microsoft Teams, requesting remote access to the employee’s system to solve the problem. The caller is actually the threat actor, and the employee then gives the actor access to their system. 

Read more: https://www.helpnetsecurity.com/2025/01/21/ransomware-attackers-are-vishing-organizations-via-microsoft-teams-email-bombing/