
Case Study: A Microsoft Teams Call Impersonating IT Help Desk Personnel

  • kellybridges7
  • Nov 13

Quick Thinking Foils a Black Basta-Inspired Teams Phishing Attempt

On November 6th, 2025, our security partner Arctic Wolf alerted us to a suspicious incident affecting several of our client's user accounts. Shortly after, seven employees reported receiving an unusual Microsoft Teams message, immediately followed by a call.


Based on the tactics observed, we suspect the threat actors were linked to or imitating the Black Basta ransomware group, a known cybercrime operation that targets organizations by impersonating IT or help desk personnel. Their goal is often to convince users to grant remote access, allowing them to deploy malware or steal credentials.

During our investigation, we conducted multiple scans across all potentially affected devices. No vulnerabilities or malicious applications were detected. As part of immediate containment, we blocked the attacker’s domain and associated email addresses to prevent further contact attempts.


We were able to talk to a couple of users to fully understand the incident. Each of them reported that the caller said they were calling on behalf of “Jeff” and needed to remote into the user’s machine to run updates. The users were suspicious because the caller referred to the company by its initials (which an employee would do), but in reverse order. Because of their suspicions, each user hung up without allowing the caller to access their device.


Even when it seems redundant, you can never reiterate enough the importance of vigilance when it comes to your company's assets. All seven of the employees in this case proved they had benefited from security training: even though the caller seemed to know a lot of inside details about their operation, they all knew to trust their instincts that it was safer not to continue the call!

Contact us for more information on how to ensure your team is ready to handle this type of situation in the future, as the cybercriminals are only getting better, and harder to detect!


 


 
 

© 2024 by Provision Infotech
