Scams & Phishing News Email Bombing and Fake IT Support Calls Fuel New Microsoft Teams Phishing Attacks

Brownie2019

A new wave of cyberattacks is targeting employees through a combination of inbox flooding and fake IT support contacts on Microsoft Teams, tricking users into handing over remote access to their own devices.

These attacks have been growing steadily since the start of 2026, and security researchers warn they are far from slowing down.

The attack usually begins with the victim receiving hundreds or even thousands of unwanted emails within a short time.

This technique, known as email bombing, creates panic and confusion, making the target feel like something has gone seriously wrong with their account.

When the victim is at their most anxious, a so-called “IT support specialist” reaches out via Microsoft Teams, offering to help fix the problem.

The contact looks legitimate, uses a professional-sounding name and IT-themed display details, and seems to know exactly what is happening. That is by design.

eSentire analysts identified multiple real-world intrusion cases where this exact pattern played out, leading to confirmed data exfiltration from compromised endpoints.

Researchers noted that in each case, threat actors impersonated internal IT support teams through Microsoft Teams, contacting users from external accounts with display names like “IT Protection Department” or “Windows Security Help Desk.”
 
This is a credible social-engineering pattern, and the dangerous part is the timing: the email flood creates stress, then the fake “IT support” contact appears as the supposed solution.

What is happening here

  • The attacker overwhelms the victim with junk email to create urgency and confusion.
  • Shortly after, the attacker contacts the victim on Teams while they are distracted.
  • The fake support person tries to build trust and may ask the user to:
    • accept a remote access session
    • run a script or installer
    • approve MFA prompts
    • share credentials or recovery codes
  • Once access is granted, the attack can move quickly to data theft or broader compromise.

Why this works

This method is effective because it does not rely on a software exploit first. It relies on pressure, impersonation, and the victim believing they are speaking with legitimate internal support.

In many environments, users already expect to receive help through Teams or similar tools, so the request can look normal unless there are strong verification procedures in place.

Practical defenses

  • Block or tightly restrict Teams calls and chats from external accounts if business needs allow it.
  • Make sure employees know that real IT staff should be verified through an internal directory, ticket number, or known support channel.
  • Require staff to never grant remote access based only on an unsolicited Teams message or call.
  • Use phishing-resistant MFA where possible, because approval fatigue and prompt bombing often appear alongside these attacks.
  • Monitor for email bombing patterns, such as sudden spikes of inbound mail to one mailbox.
  • Review remote access tools and application control policies so unknown support tools cannot be launched freely.

Good user guidance

A simple rule helps a lot: if “support” contacts you unexpectedly during an incident, do not trust the contact at face value. Verify it through your company’s official help desk process before doing anything.

Bottom line

This is less about Microsoft Teams itself and more about attackers abusing trusted business workflows. Organizations that combine user awareness with strict verification and external-tenant controls will be in a much better position to stop it.
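
One way to act on the "monitor for email bombing patterns" defense from the reply above, shown as an added example that is not part of the original thread: a sliding-window spike detector per mailbox, extended to flag an external, IT-themed Teams contact that reaches the same user shortly afterwards. The thresholds, the event tuple layout, and the assumption that the Teams user identifier equals the mailbox address are illustrative, and the sample events are constructed.

```python
import re
from collections import deque
from datetime import datetime, timedelta

# Assumed thresholds (not from the thread); tune to your own mail baseline.
BOMB_COUNT = 100                     # inbound messages to one mailbox...
BOMB_WINDOW = timedelta(minutes=10)  # ...within this sliding window
FOLLOWUP = timedelta(hours=1)        # external Teams contact this soon after the spike
IT_THEMED = re.compile(r"\b(it|help ?desk|support|security)\b", re.I)

def find_spikes(mail_events):
    """mail_events: (datetime, mailbox) pairs. Returns {mailbox: time the threshold was first crossed}."""
    spikes, windows = {}, {}
    for ts, mailbox in sorted(mail_events):
        win = windows.setdefault(mailbox, deque())
        win.append(ts)
        while ts - win[0] > BOMB_WINDOW:  # drop messages older than the window
            win.popleft()
        if len(win) >= BOMB_COUNT:
            spikes.setdefault(mailbox, ts)
    return spikes

def correlate(mail_events, teams_events):
    """teams_events: (datetime, user, is_external, display_name) tuples.
    Alert when an external, IT-themed contact follows a mail spike for the same user."""
    spikes = find_spikes(mail_events)
    alerts = []
    for ts, user, is_external, name in teams_events:
        spike = spikes.get(user)
        if spike is None or not is_external:
            continue
        delay = ts - spike
        if timedelta(0) <= delay <= FOLLOWUP and IT_THEMED.search(name):
            alerts.append((user, name, delay))
    return alerts

def demo():
    """Constructed sample data, not real telemetry."""
    t0 = datetime(2026, 1, 15, 9, 0)
    mail = [(t0 + timedelta(seconds=2 * i), "alice@example.com") for i in range(150)]
    mail += [(t0 + timedelta(hours=i), "bob@example.com") for i in range(5)]
    teams = [
        (t0 + timedelta(minutes=20), "alice@example.com", True, "IT Protection Department"),
        (t0 + timedelta(minutes=25), "alice@example.com", False, "Help Desk"),
        (t0 + timedelta(minutes=30), "bob@example.com", True, "Windows Security Help Desk"),
    ]
    return correlate(mail, teams)

if __name__ == "__main__":
    print(demo())
```

Only the first Teams event alerts: the second comes from an internal account, and the third targets a mailbox that never crossed the spike threshold.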