Threat actors are exploiting Microsoft Teams' collaboration features to conduct social engineering attacks by impersonating IT departments or trusted partners. Attackers use external chat invitations, typosquatted domains, and compromised accounts to trick users into accepting malicious messages, leading to credential harvesting and account compromise. Techniques include federated communication with external tenants and leveraging impersonation protection warnings that users may overlook.
