Skip to main content


Repost Message will copy the article into draft mode and enable you to edit/change dates and information.
Do not change the dates of this posting because it will affect the original.

MCC Daily Tribune

Tech Alert: Beware of Microsoft Teams Scam

Please be aware that Microsoft has identified a cybersecurity attack potentially affecting Teams users. The attack involves fake invites from companies purporting to be technical support entities so as to gain access to accounts by getting Teams users to approve multifactor authentication (MFA) prompts.

Don’t fall for this social engineering attack which is targeting government, non-government organizations (NGOs), IT services, technology, discrete manufacturing, and media sectors.

  • Be skeptical about any new invitations to chat from outside of MCC.
    • Use some of the same context clues you would when determining if an email is legitimate, for example:
      • Do I have a relationship with this person or organization?
      • If I do, were we planning to coordinate via Teams?
  • Never accept any multi-factor authentication (MFA) request that you did not initiate.
  • You should never give anyone your MFA one-time passcode for your account.
  • Download and use the Microsoft Authenticator app for push notifications for MFA which provides a more secure sign-in experience than using texting or phone calls.
  • Never share account information or authorize sign-in requests over chat.
  • Review sign-in activity regularly through your My Account page – My Sign-Ins tab
    • Search for unsuccessful logins. This can indicate that you simply mistyped your credentials.
    • Look for login attempts from unfamiliar locations and at odd dates and times. If you see a note under Session Activity that says “additional verification failed, invalid code” this could mean that an attacker has your password, but MFA stopped them from accessing your account. In this case, you should change your password and contact Technical Support.

Remember. Do not share your password with anyone, inside or outside of MCC, and never use your MCC password for non-MCC systems.

If you think you provided access to your account to a phishing attacker in error, students should immediately notify the Student Technology Help Desk at TechnologyHelp@student.monroecc.edu and employees should contact the Employee Technology Support Center at 292-8324, option 3.

Ann Penwarden
Computing & Information Technology Services
08/29/2023