Back in November, a customer reached out for help; what the Microsoft Detection and Response Team (DART) uncovered was an example of how phishing, or more specifically vishing, can still catch people out.
This wasn’t your usual phishing email. Instead, the attack was carried out through Microsoft Teams voice calls — also known as vishing. The attacker posed as IT support and targeted multiple employees, trying to gain access.
After two failed attempts, they successfully deceived one. They were convinced to grant remote access using Quick Assist, then the attack began.
Once inside, the attacker switched from talking to typing.
They guided the user to a malicious website, where they were prompted to enter their corporate login details into a fake form. From there, several malicious files were downloaded onto the device.
One of the first was a disguised installer file that looked legitimate. Behind the scenes, it used trusted Windows processes to quietly load a harmful file and establish communication with the attacker’s system.
After gaining that initial foothold, things became more advanced:
Over time, the attacker was able to harvest credentials and even hijack user sessions — giving them ongoing access without raising obvious red flags.
This wasn’t a smash-and-grab job. It was designed to blend in with normal business activity.
Here’s the uncomfortable truth: attacks like this work because they rely on people.
In busy workplaces, especially larger organisations, it’s completely normal to trust internal tools like Teams or respond quickly to “IT support” requests. Attackers know this — and they take advantage of it.
This particular attack combined multiple elements:
DART responded quickly once the breach was identified.
After confirming the attack came from a Teams-based vishing attempt, they were able to contain the damage and limit how far it spread.
This is a solid reminder that even the most advanced security tools can be bypassed if someone is convinced to open the door.
Security isn’t just about software — it’s about awareness, training, and knowing when something doesn’t feel quite right.
If your team uses platforms like Microsoft Teams daily, it’s worth making sure everyone knows what these attacks can look like.
