We’ve made collaboration seamless. Messages sent in seconds. Files shared mid-meeting. Faces on screen from anywhere in the world. Microsoft Teams and Zoom aren’t just tools—they’re infrastructure. They’re where decisions are made, strategies are shaped, and relationships are built.
But here’s the uncomfortable truth: while your team is busy getting work done, someone else might be watching.
Because behind the convenience and connectivity of these platforms is a growing opportunity for cybercriminals. A fake link in the chat. A spoofed voice on a video call. A rogue app quietly exfiltrating your data. These aren’t far-fetched scenarios—they’re what’s happening right now in businesses across the UK.
This blog isn’t about fear. It’s about clarity.
Because the more connected your workplace becomes, the more vulnerable it is to silent, subtle breaches—especially if no one’s questioning what’s hiding in plain sight.
Consider this your field guide to the modern collaboration threat landscape: the behaviours, blind spots, and believable attacks playing out across Teams, Zoom, and every other platform that’s become part of your daily routine.
This isn’t about what might happen. This is about what already is.
The Problem? We Trust These Tools Too Much
Teams and Zoom feel familiar. They’re the digital watercooler, the default for meetings, quick updates, and file drops. That’s what makes them powerful—and dangerously easy to misuse.
These platforms blur the line between formal and informal. A Teams message from your boss looks just like one from your friend in marketing. A Zoom invite from an external client appears identical to an internal one. We get used to the rhythm, the layout, the flow—and stop questioning the details.
And when something feels normal, we stop treating it like a threat. We assume that:
If we’re logged in, we’re safe.
If someone’s in the call, they’ve been vetted.
If a link appears in the chat, it must be part of the meeting.
But familiarity isn’t the same as security.
Cybercriminals thrive on patterns. They watch how we communicate, how we share, how we trust. And then they insert themselves quietly into the mix.
That assumption is exactly what cybercriminals rely on.
They don’t need to hack your firewall if they can hijack your meeting invite. They don’t need to write malware if they can impersonate your boss in chat. They don’t need to send you a phishing email if they can message you directly inside Teams.
Security Features Are There—But They’re Not Foolproof
To be clear, Microsoft Teams and Zoom do include robust security features. They’ve come a long way since the early days of remote work, with improvements like:
Multi-Factor Authentication (MFA): A critical layer that helps prevent unauthorised access, even if credentials are compromised.
End-to-End Encryption: Zoom now offers this for eligible calls, and Teams provides strong encryption in transit and at rest.
Admin Controls: IT teams can manage guest access, set meeting permissions, block file sharing, and monitor usage.
Suspicious Activity Alerts: Both platforms include security dashboards that can alert admins to strange behaviour—logins from unusual locations, repeated failed attempts, etc.
Waiting Rooms and Lobby Features: Designed to keep uninvited users from entering meetings without approval.
These tools work—as long as they’re used properly.
The problem? Many businesses don’t configure them correctly. Some don’t enable them at all. Others assume that once they’re switched on, the job is done.
Security features aren’t magical shields. They’re levers. And like any lever, they only work when someone’s actively pulling them, watching them, and teaching others how to use them.
Attackers don’t break through security settings. They go around them—by targeting the people who don’t realise the settings exist.
How the Threats Actually Work: Three Ways Attackers Break In
Let’s pull back and look at how these attacks actually happen. Nearly every tactic boils down to three things: abusing access, manipulating trust, and hiding in plain sight.
1. In-Platform Manipulation
Attackers know that if they can get inside the tools your team already trusts, they don’t need to work as hard. That’s why Microsoft Teams and Zoom are goldmines for phishing campaigns.
Inside Teams, threat actors often exploit compromised accounts—gained via password reuse, weak authentication, or breaches from other services—to send malicious messages that look internal. These messages might include:
A document link (“New HR Policy Update”) that leads to a credential harvesting site
A request to re-authenticate or reset your password, complete with a spoofed Microsoft login page
A shared file supposedly from a colleague, loaded with malware
Zoom users face similar tactics, often starting with fake calendar invites. These appear to come from internal domains and contain “Zoom links” that redirect to phishing pages or malware installers.
What makes this effective is that chat platforms have no traditional inbox layout or warning banners. There’s no pause to verify. The entire interaction is designed to feel immediate and informal. That’s where the danger lives.
2. Exploiting Meetings and Conversations
The shift to virtual meetings has created a new breed of social engineering. Unlike emails, which can be archived and reviewed, video and voice calls rely on attention in the moment—making manipulation faster and harder to spot.
Attackers may gain access to a meeting link via email compromise, shared calendar invites, or poorly secured recurring meetings. Once inside, they can do a lot more than eavesdrop. They can:
Record sensitive discussions without detection
Gather intelligence for future attacks (e.g., learning who approves payments, who shares what)
Drop malicious links into the chat under the guise of sharing a presentation or resource
In more sophisticated attacks, we’re seeing:
Deepfake audio that mimics trusted voices requesting urgent actions
Spoofed video feeds or screen names to impersonate colleagues
Fake “breakout room” tactics used to isolate and pressure a target in a smaller setting
The line between conversation and compromise has never been thinner. And once a fraudster has observed your habits, tone, or leadership style, they can replicate it—often convincingly enough to bypass your team’s gut instinct.
3. Hidden Threats Behind Integrations and Routine
The tools we bolt onto Teams and Zoom to boost productivity—chatbots, whiteboarding apps, task managers—also expand the attack surface. These integrations often request broad permissions: read chat history, manage calls, access files, view calendars, even act on behalf of a user.
If an attacker tricks an admin or user into installing a malicious app—or compromises a legitimate one—it becomes a backdoor with built-in access. These threats don’t rely on user error; they exploit over-trusted automation.
And once attackers are in, they start moving laterally. That means:
Exploring connected platforms like OneDrive, SharePoint, or Google Drive
Messaging others from a trusted user account, gaining further access
Pulling meeting recordings, transcripts, or file shares to understand your business flow
All of this can happen invisibly. There are no red warning screens or flashing alerts—just a slow creep of visibility and control by someone you didn’t invite in.
These threats work because they blend in with your normal workflows. Your team doesn’t get suspicious when a plugin they installed months ago accesses new data. They don’t panic when they see a familiar name in chat. And that’s exactly what attackers are counting on.
Why These Threats Keep Working
Because attackers don’t break systems—they break habits.
We’re wired to trust what we use every day. Platforms like Teams and Zoom feel like internal spaces—built for collaboration, not confrontation. That’s what makes them effective. They feel safe. Familiar. Unremarkable.
But that familiarity is the very thing attackers rely on.
When your team sees a message from a colleague, they don’t inspect the sender’s email domain. When someone shares a file mid-meeting, no one pauses to verify it. And when a tool behaves the way it’s always behaved, we assume everything is fine—because nothing feels wrong.
Digital collaboration tools reward urgency. They’re fast, informal, and always on. But cybersecurity depends on friction—on people taking a moment to question what they see, who they trust, and how they respond.
That’s where the disconnect lives: we’ve built seamless workflows around tools that can be silently weaponised. We’re not failing because we’re careless. We’re failing because the system is designed to be frictionless—and so are the attacks.
Until businesses treat chat messages, calendar invites, and screen shares with the same caution as email attachments or unknown links, these threats will keep working.
Not because the tech isn’t good enough. But because behaviour hasn’t caught up.
What Next?
If any of this feels uncomfortably familiar, that’s not a failing—it’s a sign of how seamlessly these tools have integrated into our working lives.
But cybersecurity isn’t about perfection. It’s about awareness. It’s about stepping back and asking better questions:
Do our staff know how to spot a fake meeting link?
Would they question a file sent during a video call?
Are our integrations and settings secure—or just convenient?
This isn’t a checklist to complete. It’s a mindset to adopt.
Because Teams and Zoom aren’t going anywhere. And neither are the threats. The real challenge is to match the pace of modern collaboration with the behaviour needed to stay safe inside it.
The next time someone drops a link, switches on a camera, or shares a file, don’t just respond—pause. Ask:
“Am I acting on trust, or just routine?”
That single question might be the difference between business as usual and a breach you didn’t see coming.
Stay alert. Stay human. And don’t confuse seamless with secure.
Final Thought
We’ve built our businesses on these platforms—and we’re not stopping. But we can’t afford to keep using them with the same level of unconscious trust. If we want to stay productive and protected, we need to close the gap between how we collaborate and how we defend ourselves.
This blog walked through:
Why these platforms feel safer than they are
The built-in security settings most businesses overlook
The real-world tactics attackers use—right inside your everyday workflows
How trust, habit, and routine make even smart teams vulnerable
Here’s the bottom line: your team doesn’t need to become cybersecurity experts. But they do need to see the risks where they’ve never been taught to look.
At Cyber Rebels, that’s our starting point. We don’t do fear. We do human-first, real-world, hands-on cybersecurity training that makes sense in the tools your people already use. The places where trust happens without thinking. Where breaches begin without warning.
We train your team to:
Spot in-platform phishing in tools like Teams
Handle unexpected behaviour on Zoom with confidence
Ask better questions before clicking, sharing, or downloading
Think like an attacker—so they stop acting like easy targets
Whether you want a quick awareness session, a full-day workshop, or a tailored programme for your sector, we can help.
Let’s make collaboration safer, without slowing anyone down.
Director of Training and Development, Cyber Rebels.
Andy Longhurst is the founder of Cyber Rebels and a cybersecurity practitioner and educator focused on how risk actually shows up in real organisations. His work sits at the intersection of digital safety, education, and practical risk management — helping teams understand not just what policies say, but what happens in the moments where decisions are made under pressure.
With a background spanning adult education, web development, and technical consultancy, Andy specialises in translating complex security concepts into clear, usable understanding. Rather than focusing solely on tools or compliance frameworks, his approach centres on human behaviour, judgement, and the systems that shape everyday choices.
He delivers live, interactive cyber awareness training for organisations of all sizes, from small businesses and education providers to public-sector teams and larger organisations operating in complex risk environments.
Outside of delivery, Andy spends his time analysing emerging attack patterns, refining training design, and exploring how organisations can build resilience that holds up in the real world — usually with a strategically sized cup of tea close to hand.
