Stay vigilant against spoofed Teams calls and messages
13 Jul 2026
Colleagues are urged to remain alert to a growing cyber security threat involving spoofed Microsoft Teams calls and chat messages.
Across the higher education sector, attackers are increasingly using collaboration platforms such as Microsoft Teams as part of social engineering attacks. This is a natural evolution of the email spoofing and phishing techniques that many of us have become familiar with over recent years.
As we become better at recognising suspicious emails, cyber criminals are adapting their tactics. Rather than relying solely on email, they are increasingly using calls and chat messages that appear to come from trusted colleagues, suppliers or support teams. While the technology has changed, the objective remains the same: to gain your trust and persuade you to reveal information, approve a request or take an action that could compromise you or the University.
What to look out for
Be cautious if you receive an unexpected Teams call or message that:
- creates a sense of urgency or pressure to act quickly
- requests sensitive information or access to systems
- asks for passwords, 2-factor authentication codes or financial information
- comes from an external user you do not recognise
- seems unusual or out of character for the sender.
Remember: IT Services will never ask you for your University password or a 2-factor authentication code. Similarly, any requests relating to payments or financial approvals should always follow established University processes.
Stop, Think, Verify
The same advice we apply to suspicious emails should be applied across all communication channels, including Teams, WhatsApp, SMS and phone calls – whether for work or in your personal life.
- Stop – Pause before responding or sharing information
- Think – Consider whether the request is genuine and expected
- Verify – Confirm the request through a trusted route, such as contacting the individual directly using known contact details
If you receive a suspicious Teams call or message
- Do not provide information or credentials.
- End the conversation if you are unsure about its legitimacy.
- Capture any relevant details or screenshots where possible.
- Report the incident to IT Services by contacting the IT Support Centre, or by sending the information to our usual phishing reporting email address (phishing@manchester.ac.uk).
Additional resources
- University Email Phishing page - guidance on recognising and reporting phishing emails
- University Data Protection and Cyber Security training - core training for protecting University information.
- University Phishing Basics awareness course - a short course to help you spot common phishing techniques. You can take it as many times as you like!
