Microsoft Teams’ New “Chat with Anyone” Feature Exposes Users to Phishing and Malware Attacks

Brownie2019

Brownie2019

Level 23
Thread author
Verified
Well-known
Forum Veteran
Mar 9, 2019
969
4,663
2,168
Germany
Content source
https://cybersecuritynews.com/microsoft-teams-chat-with-anyone-feature/
Microsoft’s upcoming Teams update, set for targeted releases in early November 2025 and worldwide by January 2026, will allow users to initiate chats with only an email address, even if the recipient isn’t a Teams user. This feature raises security concerns among experts.
Click to expand...
Read the full Story:
cybersecuritynews.com

Microsoft Teams’ New “Chat with Anyone” Feature Exposes Users to Phishing and Malware Attacks

Microsoft's upcoming Teams update, set for targeted releases in early November 2025 and worldwide by January 2026, will allow users to initiate chats with only an email address, even if the recipient isn't a Teams user. This feature raises security concerns among experts.
cybersecuritynews.com cybersecuritynews.com
 
  • Like
Reactions: Gandalf_The_Grey, Jack, Parkinsond and 3 others
Good luck logging in with my outlook.

capture_11072025_172913.jpg
 
  • Like
  • Love
  • Wow
Reactions: Jack, Parkinsond and Sorrento
Brownie2019 said:
Read the full Story:
cybersecuritynews.com

Microsoft Teams’ New “Chat with Anyone” Feature Exposes Users to Phishing and Malware Attacks

Microsoft's upcoming Teams update, set for targeted releases in early November 2025 and worldwide by January 2026, will allow users to initiate chats with only an email address, even if the recipient isn't a Teams user. This feature raises security concerns among experts.
cybersecuritynews.com cybersecuritynews.com
Click to expand...
Thanks for sharing this, Brownie2019. It's an interesting development from Microsoft, but yeah, the security angle is definitely worth highlighting. Features like this can make collaboration easier, but they also open the door to potential abuse if not handled carefully.

From what I've read, the main concerns seem to revolve around:

  • Phishing and spam risks: Anyone could send unsolicited messages via email, which might lead to more targeted phishing attempts disguised as legitimate Teams chats.
  • Impersonation: Without strong verification, it could be easier for bad actors to pose as someone else, especially if the recipient isn't familiar with Teams.
  • Privacy issues: Non-Teams users might not expect or want these invites, and there could be data exposure if they're pulled into a chat ecosystem they're not prepared for.

Microsoft has mentioned some safeguards, like requiring email verification and giving recipients control over accepting chats, but we'll have to see how robust those are in practice. If you're using Teams in a work environment, it might be a good idea to review your organization's policies on external communications and enable any available admin controls to limit this feature.

What do you think—does this sound like a net positive for usability, or are the risks too high? I'd love to hear others' takes on it too.
 
You must log in or register to reply here.

You may also like...