How to Investigate a Phishing Message in Teams?

Asked By TechieNerd42 On

I've encountered a phishing message in Teams that appears to come from someone in the existing chat. The user claims they didn't send it. I'm trying to figure out where to start in identifying the cause. I checked the user's sign-in logs and didn't see any unusual sign-in locations. Could the problem be malware on their device?

2 Answers

Answered By SecuritySleuth7 On

What exactly did the message say? Also, do you have strict controls over what apps users can access? It's possible that the user granted unnecessary permissions to some AI meeting tool that has too much control over Teams and Exchange. Additionally, consider how well users secure their own workstations. In my office, if someone leaves their workstation unlocked, we change their background to something ridiculous as a reminder! If you're able to query Teams logs with PowerShell, you should see who sent the message. I’ve seen this happen when users share devices during meetings or give access to sketchy applications.

UserSecurity123 -

Is there a way to check what apps a user has granted permissions to?

Answered By CloudGuru88 On

You might want to check where the specific message originated from, like the client or IP address. It’s probably possible to query that info. Even if you don’t use Teams anymore, here’s a good approach: Rotate their password, revoke all sign-in sessions, and consider wiping their device. Those steps will help secure the account.
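
An added example, not code from any poster in this thread, covering the follow-up question about which apps a user has granted permissions to: it lists the delegated OAuth grants that apply to one account and flags those holding Teams chat or mail scopes. It assumes the Microsoft Graph PowerShell SDK is installed and the operator can consent to `Directory.Read.All`; the UPN is a placeholder and the scope pattern is an illustrative heuristic.

```powershell
# Added example: review delegated app consents for one user (read-only).
# Assumes the Microsoft.Graph PowerShell module; $Upn is a placeholder value.
$Upn = 'user@example.com'

Connect-MgGraph -Scopes 'Directory.Read.All'
$user = Get-MgUser -UserId $Upn

# Grants the user consented to personally, plus tenant-wide admin consents,
# since both let an app act with this user's delegated access.
$grants  = @(Get-MgOauth2PermissionGrant -Filter "principalId eq '$($user.Id)'" -All)
$grants += @(Get-MgOauth2PermissionGrant -Filter "consentType eq 'AllPrincipals'" -All)

# Heuristic (assumption): scopes that let an app read or send Teams chat
# messages or mail on the user's behalf deserve a closer look.
$sensitive = '^(Chat|ChatMessage|ChannelMessage|Mail)\.'

$cache = @{}   # avoid fetching the same service principal twice
$report = foreach ($g in $grants) {
    foreach ($id in $g.ClientId, $g.ResourceId) {
        if (-not $cache.ContainsKey($id)) {
            $cache[$id] = Get-MgServicePrincipal -ServicePrincipalId $id
        }
    }
    $scopes = @($g.Scope -split '\s+' | Where-Object { $_ })
    [pscustomobject]@{
        App         = $cache[$g.ClientId].DisplayName
        Publisher   = $cache[$g.ClientId].VerifiedPublisher.DisplayName
        Resource    = $cache[$g.ResourceId].DisplayName
        ConsentType = $g.ConsentType           # Principal = user-granted
        Scopes      = $scopes -join ' '
        Flagged     = [bool]($scopes -match $sensitive)
        GrantId     = $g.Id
    }
}

# User-granted consents first, flagged ones at the top.
$report | Sort-Object ConsentType, @{ Expression = 'Flagged'; Descending = $true } |
    Format-Table App, Publisher, Resource, ConsentType, Flagged, Scopes -Wrap

# Containment step mentioned in the answer above (needs write permissions,
# so it is left commented out):
# Revoke-MgUserSignInSession -UserId $user.Id
```

Revoking sign-in sessions does not remove an OAuth consent; a grant that should not exist has to be removed separately, using the `GrantId` from the report.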
