{"id":3688218,"date":"2026-04-28T12:04:46","date_gmt":"2026-04-28T16:04:46","guid":{"rendered":"https:\/\/www.pymnts.com\/?p=3688218"},"modified":"2026-04-28T22:40:28","modified_gmt":"2026-04-29T02:40:28","slug":"hackers-pose-as-microsoft-support-to-breach-corporate-defenses","status":"publish","type":"post","link":"https:\/\/www.pymnts.com\/news\/security-and-risk\/2026\/hackers-pose-as-microsoft-support-to-breach-corporate-defenses\/","title":{"rendered":"Hackers Pose as Microsoft Support to Breach Corporate Defenses"},"content":{"rendered":"<p style=\"font-weight: 400;\">Hackers have begun impersonating\u00a0<a href=\"https:\/\/www.microsoft.com\/en-us\/microsoft-teams\/log-in\">Microsoft Teams<\/a>\u00a0help desk workers to dupe victims into installing data-stealing malware.<\/p><div\r\n\tid=\"article-paywall-overlay\"\r\n\tclass=\"d-none\"\r\n>\r\n\t<div id=\"article-paywall-content\" class=\"my-4\">\r\n\t\t\n<div class=\"wpcf7 no-js\" id=\"wpcf7-f2699550-o1\" lang=\"en-US\" dir=\"ltr\" data-wpcf7-id=\"2699550\">\n<div class=\"screen-reader-response\"><p role=\"status\" aria-live=\"polite\" aria-atomic=\"true\"><\/p> <ul><\/ul><\/div>\n<form action=\"\/wp-json\/wp\/v2\/posts\/3688218#wpcf7-f2699550-o1\" method=\"post\" class=\"wpcf7-form init pymnts-article-paywall-form\" aria-label=\"Contact form\" novalidate=\"novalidate\" data-status=\"init\">\n<fieldset class=\"hidden-fields-container\"><input type=\"hidden\" name=\"_wpcf7\" value=\"2699550\" \/><input type=\"hidden\" name=\"_wpcf7_version\" value=\"6.1.5\" \/><input type=\"hidden\" name=\"_wpcf7_locale\" value=\"en_US\" \/><input type=\"hidden\" name=\"_wpcf7_unit_tag\" value=\"wpcf7-f2699550-o1\" \/><input type=\"hidden\" name=\"_wpcf7_container_post\" value=\"0\" \/><input type=\"hidden\" name=\"_wpcf7_posted_data_hash\" value=\"\" \/><input type=\"hidden\" name=\"_wpcf7_recaptcha_response\" value=\"\" \/>\n<\/fieldset>\n<div class=\"free-articles-prompt-intro\">\n\t<h2 class=\"mb-2\">Get the Full Story\n\t<\/h2>\n\t<p class=\"mb-4\">Complete the form to unlock this article and enjoy unlimited free access to all PYMNTS content \u2014 no additional logins required.\n\t<\/p>\n\t<div id='registrationContainer' class='container px-0'>\n\t\t<div class=\"row\">\n\t\t\t<div class=\"col-12 col-md-6\">\n\t\t\t\t<p><span class=\"wpcf7-form-control-wrap\" data-name=\"firstName\"><input size=\"40\" maxlength=\"400\" class=\"wpcf7-form-control wpcf7-text wpcf7-validates-as-required form-control border-secondary\" id=\"firstName\" aria-required=\"true\" aria-invalid=\"false\" placeholder=\"First Name*\" value=\"\" type=\"text\" name=\"firstName\" \/><\/span>\n\t\t\t\t<\/p>\n\t\t\t<\/div>\n\t\t\t<div class=\"col-12 col-md-6\">\n\t\t\t\t<p><span class=\"wpcf7-form-control-wrap\" data-name=\"lastName\"><input size=\"40\" maxlength=\"400\" class=\"wpcf7-form-control wpcf7-text wpcf7-validates-as-required form-control border-secondary\" id=\"lastName\" aria-required=\"true\" aria-invalid=\"false\" placeholder=\"Last Name*\" value=\"\" type=\"text\" name=\"lastName\" \/><\/span>\n\t\t\t\t<\/p>\n\t\t\t<\/div>\n\t\t\t<div class=\"col-12 col-md-6\">\n\t\t\t\t<p><span class=\"wpcf7-form-control-wrap\" data-name=\"YourTitle\"><input size=\"40\" maxlength=\"400\" class=\"wpcf7-form-control wpcf7-text wpcf7-validates-as-required form-control border-secondary\" id=\"inputTitle\" aria-required=\"true\" aria-invalid=\"false\" placeholder=\"Title*\" value=\"\" type=\"text\" name=\"YourTitle\" \/><\/span>\n\t\t\t\t<\/p>\n\t\t\t<\/div>\n\t\t\t<div class=\"col-12 col-md-6\">\n\t\t\t\t<p><span class=\"wpcf7-form-control-wrap\" data-name=\"YourCompany\"><input size=\"40\" maxlength=\"400\" class=\"wpcf7-form-control wpcf7-text wpcf7-validates-as-required form-control border-secondary\" id=\"inputCompany\" aria-required=\"true\" aria-invalid=\"false\" placeholder=\"Company*\" value=\"\" type=\"text\" name=\"YourCompany\" \/><\/span>\n\t\t\t\t<\/p>\n\t\t\t<\/div>\n\t\t\t<div class=\"col-12 col-md-6\">\n\t\t\t\t<p><span class=\"wpcf7-form-control-wrap\" data-name=\"YourEmail\"><input size=\"40\" maxlength=\"400\" class=\"wpcf7-form-control wpcf7-email wpcf7-validates-as-required wpcf7-text wpcf7-validates-as-email form-control border-secondary\" id=\"inputEmail\" aria-required=\"true\" aria-invalid=\"false\" placeholder=\"Email*\" value=\"\" type=\"email\" name=\"YourEmail\" \/><\/span>\n\t\t\t\t<\/p>\n\t\t\t<\/div>\n\t\t\t<div class=\"col-12 col-md-6\">\n\t\t\t\t<p><span class=\"wpcf7-form-control-wrap\" data-name=\"YourCountry\"><input size=\"40\" maxlength=\"400\" class=\"wpcf7-form-control wpcf7-text wpcf7-validates-as-required form-control border-secondary\" id=\"inputCountry\" aria-required=\"true\" aria-invalid=\"false\" placeholder=\"Country*\" value=\"\" type=\"text\" name=\"YourCountry\" \/><\/span>\n\t\t\t\t<\/p>\n\t\t\t<\/div>\n\t\t\t<div class=\"col-12 col-md-6\">\n\t\t\t<input class=\"wpcf7-form-control wpcf7-hidden\" id=\"inputEmailHidden\" value=\"\" type=\"hidden\" name=\"yourName\" \/>\n\t\t\t<input class=\"wpcf7-form-control wpcf7-hidden\" value=\"\" type=\"hidden\" name=\"email\" \/>\n\t\t\t<\/div>\n\t\t\t<div class=\"col-12\">\n\t\t\t\t<p><span class=\"wpcf7-form-control-wrap\" data-name=\"newsLetterChoice\"><span class=\"wpcf7-form-control wpcf7-checkbox me-1\" id=\"checkNewsletter\"><span class=\"wpcf7-list-item first last\"><input type=\"checkbox\" name=\"newsLetterChoice[]\" value=\"yes\" checked=\"checked\" \/><span class=\"wpcf7-list-item-label\">yes<\/span><\/span><\/span><\/span><span class=\"small\">Subscribe to our daily newsletter, PYMNTS Today.<\/span>\n\t\t\t\t<\/p>\n\t\t\t\t<p class=\"small lh-base\" style=\"font-size:.9rem;\">By completing this form, you agree to receive marketing communications from PYMNTS and to the sharing of your information with our sponsor, if applicable, in accordance with our <a class=\"fw-bold\" href=\"https:\/\/pymnts-com-develop.go-vip.net\/privacy-policy\/\">Privacy Policy<\/a> and <a class=\"fw-bold\" href=\"https:\/\/pymnts-com-develop.go-vip.net\/terms-conditions\/\">Terms and Conditions<\/a>.\n\t\t\t\t<\/p>\n\t\t\t\t<p><input id='hiddenPath' type='hidden' name='path' value='' \/><input type='hidden' name='userDeviceId' id='userDeviceId' \/><input type='hidden' name='pageTitle' id='pageTitle' \/>\n\t\t\t\t<\/p>\n\t\t\t<\/div>\n\t\t\t<div class=\"col-12\">\n\t\t\t\t<div id='formButtonRow' class='container mt-1 px-0'>\n\t\t\t\t\t<p><input class=\"wpcf7-form-control wpcf7-submit has-spinner btn btn-dark text-uppercase py-2 px-5 small\" id=\"theSubmitButton\" type=\"submit\" value=\"Submit\" \/>\n\t\t\t\t\t<\/p>\n\t\t\t\t<\/div>\n\t\t\t<\/div>\n\t\t<\/div>\n\t<\/div>\n<\/div><input type=\"hidden\" name=\"post_id\" value=\"3688218\" \/><input type=\"hidden\" name=\"source\" value=\"https:\/\/www.pymnts.com\/news\/security-and-risk\/2026\/hackers-pose-as-microsoft-support-to-breach-corporate-defenses\/\" \/><p style=\"display: none !important;\" class=\"akismet-fields-container\" data-prefix=\"_wpcf7_ak_\"><label>&#916;<textarea name=\"_wpcf7_ak_hp_textarea\" cols=\"45\" rows=\"8\" maxlength=\"100\"><\/textarea><\/label><input type=\"hidden\" id=\"ak_js_1\" name=\"_wpcf7_ak_js\" value=\"153\"\/><script>document.getElementById( \"ak_js_1\" ).setAttribute( \"value\", ( new Date() ).getTime() );<\/script><\/p><div class=\"wpcf7-response-output\" aria-hidden=\"true\"><\/div>\n<\/form>\n<\/div>\n\r\n\t<\/div>\r\n<\/div>\r\n<div id=\"article-paywall-hidden-content\">\r\n\t\n<p style=\"font-weight: 400;\">That\u2019s according to\u00a0<a href=\"https:\/\/cloud.google.com\/blog\/topics\/threat-intelligence\/unc6692-social-engineering-custom-malware\">findings<\/a>\u00a0from Mandiant, the cybersecurity company owned by\u00a0<a href=\"https:\/\/www.google.com\/\">Google<\/a>, flagged in a\u00a0<a href=\"https:\/\/therecord.media\/microsoft-teams-hackers-mandiant\">report<\/a>\u00a0Monday (April 27) from The Record.<\/p>\n<p style=\"font-weight: 400;\">The campaign is from a threat group called UNC6692, and combines email flooding, phishing messages and malicious browser extensions to breach corporate systems, Mandiant said.<\/p>\n<p style=\"font-weight: 400;\">\u201cAs with many other intrusions in recent years, UNC6692 relied heavily on impersonating IT helpdesk employees, convincing their victim to accept a Microsoft Teams chat invitation from an account outside their organization,\u201d Mandiant said on its blog.<\/p>\n<p style=\"font-weight: 400;\">\u201cThe UNC6692 campaign demonstrates an interesting evolution in tactics, particularly the use of\u00a0<a href=\"https:\/\/www.pymnts.com\/tag\/social-engineering\/\">social engineering<\/a>, custom malware, and a malicious browser extension, playing on the victim\u2019s inherent trust in several different enterprise software providers.\u201d<\/p>\n<p style=\"font-weight: 400;\">According to Mandiant, the operation starts with a surge of emails designed to overwhelm the target inbox. From there, the attacker will make contact via Microsoft Teams using an account outside the victim\u2019s organization, pretending to be an IT support worker and offering to help fix the email disruption.<\/p><div id=\"pymnt-4000634794\" class=\"pymnt-content pymnt-entity-placement\" style=\"margin-top: 50px;\"><p style=\"text-align:center\">Advertisement: Scroll to Continue<\/p><script async type=\"text\/javascript\" id=\"dianomi_context_script\" src=\"https:\/\/www.dianomi.com\/js\/contextfeed.js\"><\/script> \r\n<div class=\"dianomi_context\" data-dianomi-context-id=\"4329\"><\/div><\/div>\n<p style=\"font-weight: 400;\">The hacker will tell the victim to install what seems to be a \u201cpatch\u201d designed to stop the spam, but is actually a gateway to installing a malicious browser extension called SnowBelt. SnowBelt, Mandiant says, gives attackers a back entrance to hold on to access to corporate accounts and move within their systems without needing to repeatedly authenticate their presence.<\/p>\n<p style=\"font-weight: 400;\">These attacks are part of a larger trend PYMNTS covered last week, one that sees <a href=\"https:\/\/www.pymnts.com\/cybersecurity\/2026\/the-cyber-insecurity-list-why-hackers-are-logging-in-not-breaking-in\/https:\/www.pymnts.com\/cybersecurity\/2026\/the-cyber-insecurity-list-why-hackers-are-logging-in-not-breaking-in\">hackers<\/a>\u00a0\u201clogging in\u201d\u00a0rather than breaking in.<\/p>\n<p style=\"font-weight: 400;\">\u201cCybercriminals ranging from state actors to industrialized\u00a0<a href=\"https:\/\/www.pymnts.com\/tag\/ransomware\/\">ransomware<\/a>\u00a0syndicates are converging on the same strategic truth: the shortest path into a target is often through the digital relationships that help the target function,\u201d that report said.<\/p>\n<p style=\"font-weight: 400;\">The fulcrum of enterprise cybersecurity is no longer the company laptop or data center,&#8221; PYMNTS added. It is the\u00a0<a href=\"https:\/\/www.pymnts.com\/news\/artificial-intelligence\/2026\/ai-moves-saas-subscriptions-consumption\/\">software-as-a-service<\/a>\u00a0layer between employees and the systems that matter most. These vulnerabilities have gone from being side channels to the main terrain.<\/p>\n<p style=\"font-weight: 400;\">That shift can be seen in some of the most consequential criminal operations so far this year.<\/p>\n<p style=\"font-weight: 400;\">These include the exposure of the FBI director\u2019s personal inbox, a\u00a0<a href=\"https:\/\/www.pymnts.com\/legal\/2026\/ai-startup-mercor-faces-lawsuit-over-data-breach\/\">breach<\/a>\u00a0at\u00a0<a href=\"https:\/\/www.mercor.com\/\">Mercor<\/a>\u00a0\u2014 an AI data vendor to\u00a0<a href=\"https:\/\/openai.com\/\">OpenAI<\/a>,\u00a0<a href=\"https:\/\/www.anthropic.com\/\">Anthropic<\/a>, and\u00a0<a href=\"https:\/\/business.facebook.com\/\">Meta<\/a>\u00a0\u2014 and a wide-ranging\u00a0<a href=\"https:\/\/www.salesforce.com\/\">Salesforce<\/a>-centered extortion wave tied to the combined capabilities of multiple hacking groups.<\/p>\n<p style=\"font-weight: 400;\">\u201cTaken together, these are not just breaches,\u201d PYMNTS wrote. \u201cThey are signals. And the signal is clear: the architecture of digital risk has fundamentally changed.\u201d<\/p>\n\r\n<\/div>\r\n<script>\r\n\twindow.pymntsAllowedArticleCount = 2;\r\n\twindow.pymntsPostID = 3688218;\r\n<\/script>","protected":false},"excerpt":{"rendered":"<p>Hackers have begun impersonating\u00a0Microsoft Teams\u00a0help desk workers to dupe victims into installing data-stealing malware. Get the Full Story Complete the form to unlock this article and enjoy unlimited free access to all PYMNTS content \u2014 no additional logins required. yesSubscribe to our daily newsletter, PYMNTS Today. By completing this form, you agree to receive marketing [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":2077547,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"content-type":"","inline_featured_image":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[4032],"tags":[4055,9617,4203,4205,4292,4220,9206,133069,5299,10835],"class_list":["post-3688218","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security-and-risk","tag-b2b","tag-b2b-payments","tag-cybersecurity","tag-hackers","tag-malware","tag-microsoft","tag-news","tag-pymnts-news","tag-whats-hot","tag-whats-hot-in-b2b"],"acf":{"suggested_titles":""},"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v26.2 (Yoast SEO v27.3) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>Hackers Pose as Microsoft Support to Breach Corporate Defenses<\/title>\n<meta name=\"description\" content=\"Hackers have begun impersonating Microsoft Teams help desk workers to dupe victims into installing data-stealing malware.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.pymnts.com\/news\/security-and-risk\/2026\/hackers-pose-as-microsoft-support-to-breach-corporate-defenses\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Hackers Pose as Microsoft Support to Breach Corporate Defenses | PYMNTS.com\" \/>\n<meta property=\"og:description\" content=\"Hackers have begun impersonating\u00a0Microsoft Teams\u00a0help desk workers to dupe victims into installing data-stealing malware. That\u2019s according\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.pymnts.com\/news\/security-and-risk\/2026\/hackers-pose-as-microsoft-support-to-breach-corporate-defenses\/\" \/>\n<meta property=\"og:site_name\" content=\"PYMNTS.com\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/pymnts\/\" \/>\n<meta property=\"article:author\" content=\"https:\/\/www.facebook.com\/pymnts\" \/>\n<meta property=\"article:published_time\" content=\"2026-04-28T16:04:46+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-04-29T02:40:28+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.pymnts.com\/wp-content\/uploads\/2024\/08\/cyberattacks-hackers-cybersecurity.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"720\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"PYMNTS\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@pymnts\" \/>\n<meta name=\"twitter:site\" content=\"@pymnts\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.pymnts.com\\\/news\\\/security-and-risk\\\/2026\\\/hackers-pose-as-microsoft-support-to-breach-corporate-defenses\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.pymnts.com\\\/news\\\/security-and-risk\\\/2026\\\/hackers-pose-as-microsoft-support-to-breach-corporate-defenses\\\/\"},\"author\":{\"name\":\"PYMNTS\",\"@id\":\"https:\\\/\\\/www.pymnts.com\\\/#\\\/schema\\\/person\\\/9f0152ca483ca33a5d8121739eadfe4b\"},\"headline\":\"Hackers Pose as Microsoft Support to Breach Corporate Defenses\",\"datePublished\":\"2026-04-28T16:04:46+00:00\",\"dateModified\":\"2026-04-29T02:40:28+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.pymnts.com\\\/news\\\/security-and-risk\\\/2026\\\/hackers-pose-as-microsoft-support-to-breach-corporate-defenses\\\/\"},\"wordCount\":434,\"publisher\":{\"@id\":\"https:\\\/\\\/www.pymnts.com\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.pymnts.com\\\/news\\\/security-and-risk\\\/2026\\\/hackers-pose-as-microsoft-support-to-breach-corporate-defenses\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.pymnts.com\\\/wp-content\\\/uploads\\\/2024\\\/08\\\/cyberattacks-hackers-cybersecurity.jpg\",\"keywords\":[\"B2B\",\"B2B Payments\",\"Cybersecurity\",\"Hackers\",\"malware\",\"Microsoft\",\"News\",\"PYMNTS News\",\"What's Hot\",\"What's Hot In B2B\"],\"articleSection\":[\"Security &amp; Fraud\"],\"inLanguage\":\"en-US\",\"copyrightYear\":\"2026\",\"copyrightHolder\":{\"@id\":\"https:\\\/\\\/www.pymnts.com\\\/#organization\"}},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.pymnts.com\\\/news\\\/security-and-risk\\\/2026\\\/hackers-pose-as-microsoft-support-to-breach-corporate-defenses\\\/\",\"url\":\"https:\\\/\\\/www.pymnts.com\\\/news\\\/security-and-risk\\\/2026\\\/hackers-pose-as-microsoft-support-to-breach-corporate-defenses\\\/\",\"name\":\"Hackers Pose as Microsoft Support to Breach Corporate Defenses\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.pymnts.com\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.pymnts.com\\\/news\\\/security-and-risk\\\/2026\\\/hackers-pose-as-microsoft-support-to-breach-corporate-defenses\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.pymnts.com\\\/news\\\/security-and-risk\\\/2026\\\/hackers-pose-as-microsoft-support-to-breach-corporate-defenses\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.pymnts.com\\\/wp-content\\\/uploads\\\/2024\\\/08\\\/cyberattacks-hackers-cybersecurity.jpg\",\"datePublished\":\"2026-04-28T16:04:46+00:00\",\"dateModified\":\"2026-04-29T02:40:28+00:00\",\"description\":\"Hackers have begun impersonating Microsoft Teams help desk workers to dupe victims into installing data-stealing malware.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.pymnts.com\\\/news\\\/security-and-risk\\\/2026\\\/hackers-pose-as-microsoft-support-to-breach-corporate-defenses\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.pymnts.com\\\/news\\\/security-and-risk\\\/2026\\\/hackers-pose-as-microsoft-support-to-breach-corporate-defenses\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.pymnts.com\\\/news\\\/security-and-risk\\\/2026\\\/hackers-pose-as-microsoft-support-to-breach-corporate-defenses\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.pymnts.com\\\/wp-content\\\/uploads\\\/2024\\\/08\\\/cyberattacks-hackers-cybersecurity.jpg\",\"contentUrl\":\"https:\\\/\\\/www.pymnts.com\\\/wp-content\\\/uploads\\\/2024\\\/08\\\/cyberattacks-hackers-cybersecurity.jpg\",\"width\":1200,\"height\":720,\"caption\":\"cyberattacks, hackers, cybersecurity\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.pymnts.com\\\/news\\\/security-and-risk\\\/2026\\\/hackers-pose-as-microsoft-support-to-breach-corporate-defenses\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.pymnts.com\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Hackers Pose as Microsoft Support to Breach Corporate Defenses\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.pymnts.com\\\/#website\",\"url\":\"https:\\\/\\\/www.pymnts.com\\\/\",\"name\":\"PYMNTS.com\",\"description\":\"The latest global news and analysis in payments, retail, fintech, financial services and the digital economy.\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.pymnts.com\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.pymnts.com\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.pymnts.com\\\/#organization\",\"name\":\"PYMNTS\",\"url\":\"https:\\\/\\\/www.pymnts.com\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.pymnts.com\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.pymnts.com\\\/wp-content\\\/uploads\\\/2023\\\/05\\\/PYMNTS_2023_logo_black-1.png\",\"contentUrl\":\"https:\\\/\\\/www.pymnts.com\\\/wp-content\\\/uploads\\\/2023\\\/05\\\/PYMNTS_2023_logo_black-1.png\",\"width\":3329,\"height\":687,\"caption\":\"PYMNTS\"},\"image\":{\"@id\":\"https:\\\/\\\/www.pymnts.com\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/pymnts\\\/\",\"https:\\\/\\\/x.com\\\/pymnts\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.pymnts.com\\\/#\\\/schema\\\/person\\\/9f0152ca483ca33a5d8121739eadfe4b\",\"name\":\"PYMNTS\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/679fcf5c2ed5358e99e8e23b22e3b5d761e37bdb76fa7b0e13d8ecd9ff01bf88?s=96&d=blank&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/679fcf5c2ed5358e99e8e23b22e3b5d761e37bdb76fa7b0e13d8ecd9ff01bf88?s=96&d=blank&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/679fcf5c2ed5358e99e8e23b22e3b5d761e37bdb76fa7b0e13d8ecd9ff01bf88?s=96&d=blank&r=g\",\"caption\":\"PYMNTS\"},\"description\":\"The latest global news and analysis in payments, retail, fintech, financial services and the digital economy.\",\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/pymnts\",\"https:\\\/\\\/www.linkedin.com\\\/company\\\/pymnts-com\",\"https:\\\/\\\/x.com\\\/pymnts\"],\"url\":\"https:\\\/\\\/www.pymnts.com\\\/author\\\/pymnts\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Hackers Pose as Microsoft Support to Breach Corporate Defenses","description":"Hackers have begun impersonating Microsoft Teams help desk workers to dupe victims into installing data-stealing malware.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.pymnts.com\/news\/security-and-risk\/2026\/hackers-pose-as-microsoft-support-to-breach-corporate-defenses\/","og_locale":"en_US","og_type":"article","og_title":"Hackers Pose as Microsoft Support to Breach Corporate Defenses | PYMNTS.com","og_description":"Hackers have begun impersonating\u00a0Microsoft Teams\u00a0help desk workers to dupe victims into installing data-stealing malware. That\u2019s according","og_url":"https:\/\/www.pymnts.com\/news\/security-and-risk\/2026\/hackers-pose-as-microsoft-support-to-breach-corporate-defenses\/","og_site_name":"PYMNTS.com","article_publisher":"https:\/\/www.facebook.com\/pymnts\/","article_author":"https:\/\/www.facebook.com\/pymnts","article_published_time":"2026-04-28T16:04:46+00:00","article_modified_time":"2026-04-29T02:40:28+00:00","og_image":[{"width":1200,"height":720,"url":"https:\/\/www.pymnts.com\/wp-content\/uploads\/2024\/08\/cyberattacks-hackers-cybersecurity.jpg","type":"image\/jpeg"}],"author":"PYMNTS","twitter_card":"summary_large_image","twitter_creator":"@pymnts","twitter_site":"@pymnts","schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.pymnts.com\/news\/security-and-risk\/2026\/hackers-pose-as-microsoft-support-to-breach-corporate-defenses\/#article","isPartOf":{"@id":"https:\/\/www.pymnts.com\/news\/security-and-risk\/2026\/hackers-pose-as-microsoft-support-to-breach-corporate-defenses\/"},"author":{"name":"PYMNTS","@id":"https:\/\/www.pymnts.com\/#\/schema\/person\/9f0152ca483ca33a5d8121739eadfe4b"},"headline":"Hackers Pose as Microsoft Support to Breach Corporate Defenses","datePublished":"2026-04-28T16:04:46+00:00","dateModified":"2026-04-29T02:40:28+00:00","mainEntityOfPage":{"@id":"https:\/\/www.pymnts.com\/news\/security-and-risk\/2026\/hackers-pose-as-microsoft-support-to-breach-corporate-defenses\/"},"wordCount":434,"publisher":{"@id":"https:\/\/www.pymnts.com\/#organization"},"image":{"@id":"https:\/\/www.pymnts.com\/news\/security-and-risk\/2026\/hackers-pose-as-microsoft-support-to-breach-corporate-defenses\/#primaryimage"},"thumbnailUrl":"https:\/\/www.pymnts.com\/wp-content\/uploads\/2024\/08\/cyberattacks-hackers-cybersecurity.jpg","keywords":["B2B","B2B Payments","Cybersecurity","Hackers","malware","Microsoft","News","PYMNTS News","What's Hot","What's Hot In B2B"],"articleSection":["Security &amp; Fraud"],"inLanguage":"en-US","copyrightYear":"2026","copyrightHolder":{"@id":"https:\/\/www.pymnts.com\/#organization"}},{"@type":"WebPage","@id":"https:\/\/www.pymnts.com\/news\/security-and-risk\/2026\/hackers-pose-as-microsoft-support-to-breach-corporate-defenses\/","url":"https:\/\/www.pymnts.com\/news\/security-and-risk\/2026\/hackers-pose-as-microsoft-support-to-breach-corporate-defenses\/","name":"Hackers Pose as Microsoft Support to Breach Corporate Defenses","isPartOf":{"@id":"https:\/\/www.pymnts.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.pymnts.com\/news\/security-and-risk\/2026\/hackers-pose-as-microsoft-support-to-breach-corporate-defenses\/#primaryimage"},"image":{"@id":"https:\/\/www.pymnts.com\/news\/security-and-risk\/2026\/hackers-pose-as-microsoft-support-to-breach-corporate-defenses\/#primaryimage"},"thumbnailUrl":"https:\/\/www.pymnts.com\/wp-content\/uploads\/2024\/08\/cyberattacks-hackers-cybersecurity.jpg","datePublished":"2026-04-28T16:04:46+00:00","dateModified":"2026-04-29T02:40:28+00:00","description":"Hackers have begun impersonating Microsoft Teams help desk workers to dupe victims into installing data-stealing malware.","breadcrumb":{"@id":"https:\/\/www.pymnts.com\/news\/security-and-risk\/2026\/hackers-pose-as-microsoft-support-to-breach-corporate-defenses\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.pymnts.com\/news\/security-and-risk\/2026\/hackers-pose-as-microsoft-support-to-breach-corporate-defenses\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.pymnts.com\/news\/security-and-risk\/2026\/hackers-pose-as-microsoft-support-to-breach-corporate-defenses\/#primaryimage","url":"https:\/\/www.pymnts.com\/wp-content\/uploads\/2024\/08\/cyberattacks-hackers-cybersecurity.jpg","contentUrl":"https:\/\/www.pymnts.com\/wp-content\/uploads\/2024\/08\/cyberattacks-hackers-cybersecurity.jpg","width":1200,"height":720,"caption":"cyberattacks, hackers, cybersecurity"},{"@type":"BreadcrumbList","@id":"https:\/\/www.pymnts.com\/news\/security-and-risk\/2026\/hackers-pose-as-microsoft-support-to-breach-corporate-defenses\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.pymnts.com\/"},{"@type":"ListItem","position":2,"name":"Hackers Pose as Microsoft Support to Breach Corporate Defenses"}]},{"@type":"WebSite","@id":"https:\/\/www.pymnts.com\/#website","url":"https:\/\/www.pymnts.com\/","name":"PYMNTS.com","description":"The latest global news and analysis in payments, retail, fintech, financial services and the digital economy.","publisher":{"@id":"https:\/\/www.pymnts.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.pymnts.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.pymnts.com\/#organization","name":"PYMNTS","url":"https:\/\/www.pymnts.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.pymnts.com\/#\/schema\/logo\/image\/","url":"https:\/\/www.pymnts.com\/wp-content\/uploads\/2023\/05\/PYMNTS_2023_logo_black-1.png","contentUrl":"https:\/\/www.pymnts.com\/wp-content\/uploads\/2023\/05\/PYMNTS_2023_logo_black-1.png","width":3329,"height":687,"caption":"PYMNTS"},"image":{"@id":"https:\/\/www.pymnts.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/pymnts\/","https:\/\/x.com\/pymnts"]},{"@type":"Person","@id":"https:\/\/www.pymnts.com\/#\/schema\/person\/9f0152ca483ca33a5d8121739eadfe4b","name":"PYMNTS","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/679fcf5c2ed5358e99e8e23b22e3b5d761e37bdb76fa7b0e13d8ecd9ff01bf88?s=96&d=blank&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/679fcf5c2ed5358e99e8e23b22e3b5d761e37bdb76fa7b0e13d8ecd9ff01bf88?s=96&d=blank&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/679fcf5c2ed5358e99e8e23b22e3b5d761e37bdb76fa7b0e13d8ecd9ff01bf88?s=96&d=blank&r=g","caption":"PYMNTS"},"description":"The latest global news and analysis in payments, retail, fintech, financial services and the digital economy.","sameAs":["https:\/\/www.facebook.com\/pymnts","https:\/\/www.linkedin.com\/company\/pymnts-com","https:\/\/x.com\/pymnts"],"url":"https:\/\/www.pymnts.com\/author\/pymnts\/"}]}},"parsely":{"version":"1.1.0","canonical_url":"https:\/\/pymnts.com\/news\/security-and-risk\/2026\/hackers-pose-as-microsoft-support-to-breach-corporate-defenses\/","smart_links":{"inbound":0,"outbound":0},"traffic_boost_suggestions_count":0,"meta":[],"rendered":"","tracker_url":"https:\/\/cdn.parsely.com\/keys\/pymnts.com\/p.js"},"jetpack_featured_media_url":"https:\/\/www.pymnts.com\/wp-content\/uploads\/2024\/08\/cyberattacks-hackers-cybersecurity.jpg","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.pymnts.com\/wp-json\/wp\/v2\/posts\/3688218","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.pymnts.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.pymnts.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.pymnts.com\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.pymnts.com\/wp-json\/wp\/v2\/comments?post=3688218"}],"version-history":[{"count":3,"href":"https:\/\/www.pymnts.com\/wp-json\/wp\/v2\/posts\/3688218\/revisions"}],"predecessor-version":[{"id":3688608,"href":"https:\/\/www.pymnts.com\/wp-json\/wp\/v2\/posts\/3688218\/revisions\/3688608"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.pymnts.com\/wp-json\/wp\/v2\/media\/2077547"}],"wp:attachment":[{"href":"https:\/\/www.pymnts.com\/wp-json\/wp\/v2\/media?parent=3688218"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.pymnts.com\/wp-json\/wp\/v2\/categories?post=3688218"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.pymnts.com\/wp-json\/wp\/v2\/tags?post=3688218"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}