Resources

How Hornetsecurity is tackling phishing threats in Microsoft Teams

Written by Edward Knox | Jul 10, 2025 9:52:32 AM

Cybersecurity never sits still. Threat actors are constantly seeking new ways to exploit targets – and there’s a new, growing weakness that needs addressing.

There’s been a rise in attacks that use Microsoft Teams for phishing. Teams is the world’s most popular business collaboration app, and phishing is used at some point in the vast majority of successful cyber-attacks.

It is therefore vital to address this potential vulnerability – and that’s why Hornetsecurity has launched Teams Protection.

Why Microsoft Teams is vulnerable to phishing attacks

Many end users are still unaware that phishing attacks can occur through Microsoft Teams – probably in part because it’s seen as an internal communication tool, which gives a false sense of security.

In fact, Teams can be and often is used to communicate externally, which makes it another potential phishing platform alongside email, SMS and the rest. While Endpoint Detection and Response (EDR) remains a critical component in defending against such threats, additional layers of protection like Hornetsecurity’s Teams Protection can significantly enhance overall security.

The risks are amplified by the fact that many organisations enable external access in Teams, which increases exposure to outside threats. With Teams phishing still relatively new, users often fail to recognise the signs of an attack. Worse, once an external contact is accepted, attackers can distribute malicious messages at scale, reaching large numbers of employees within minutes.

Phishing attacks in Microsoft Teams

One example of a targeted phishing attack in Teams was by threat actor Storm-0324, reported here by TechTarget.

Storm-0324 targeted businesses using Teams with external access enabled, sending phishing messages via Teams chats that contain malicious SharePoint links. According to Microsoft, the group acts as a delivery mechanism for ransomware operators, using messages that mimic legitimate payment or invoice notifications from services like DocuSign and QuickBooks. When clicked, these links download ransomware onto victims’ systems.

Strengthening security in Microsoft Teams

What is certain is organisations need to become more vigilant when it comes to Microsoft Teams protection. Endpoint Detection and Response (EDR) will continue to play a vital role in defending against phishing and malware attacks. But, EDR alone may not fully address the unique vulnerabilities within Microsoft Teams.

So, how can you effectively close these gaps? Organisations should look at implementing additional security layers specifically designed to monitor and protect collaboration platforms. One such solution is Hornetsecurity’s Teams Protection, which provides targeted, real-time threat detection, enhancing overall defence against evolving Teams-based threats.

Here’s what you need to know about Hornetsecurity’s latest feature …

Hornetsecurity’s Team protection

Hornetsecurity’s Teams Protection is a low-cost, high-value solution that acts as a complementary layer of defence for organisations using Microsoft Teams within Microsoft 365.

Designed to address the specific security challenges of collaboration platforms, this service uses advanced AI and machine learning to monitor Teams messages in real time, scanning for phishing links, suspicious attachments and potentially harmful URLs.

When a threat is detected, the service immediately alerts the end user within the Teams interface, with a typical warning message like …

Given that Teams is open to external communications, this added layer of security is crucial in mitigating exposure to external threats. The service is available to any organisation with a Microsoft 365 subscription and Teams access. Setup is simple, with customer-level administrators being able to activate the service through the control panel, which installs the AI Cyber Assistant app directly into the Teams tenant.

Here’s how Hornetsecurity’s Team Protection works …

  • If a conversation includes only internal users, the AI Cyber Assistant automatically joins the chat and posts a warning if needed within that conversation.
  • If any external participants are involved and a threat is detected, a warning is delivered privately to each internal user, maintaining discretion while ensuring awareness.

This smart, automated protection ensures threats are addressed quickly before they can spread or cause damage.

Staying ahead of Teams-based threats

As phishing tactics evolve, Microsoft Teams has become an unexpected but increasingly targeted attack vector. Hornetsecurity’s Teams Protection fills that critical gap by offering real-time, AI-driven threat detection specifically designed for Teams. With its seamless integration, proactive alerts, and ability to monitor both internal and external conversations, it allows organisations to stay one step ahead of attackers.

If you would like further details or to see Hornetsecurity Teams Protection in action, get in touch with us to book a demo.