NEWS
KnowBe4 Takes Its Phishing Fight Into Microsoft Teams Chat
KnowBe4, a security-awareness training and email-defense vendor, has built its phishing detection into Microsoft Teams chat, opening a new front in the fight over a tool most office workers treat as safe internal ground. The product, called KnowBe4 Messaging Security, scans messages from outside an organization for signs of impersonation, credential theft and social engineering, and it reaches general availability in June 2026.
The launch lands as attackers shift their sharpest lures off email and into chat windows, where a message that looks like it came from the IT help desk gets clicked faster and questioned less. KnowBe4 is not the only vendor racing to cover that gap.
KnowBe4 Brings Threat Detection Into Teams Chat
The new offering watches conversations that originate outside the business and flags the patterns that usually mean trouble: a stranger posing as a manager, a fake password reset, a link engineered to harvest login details. It also inspects how Teams itself is set up, using a posture-monitoring feature that surfaces risky configurations and tells administrators how to lock them down.
- Monitoring of external messages to catch phishing and social-engineering attempts as they arrive
- Posture monitoring that scans for dangerous default Teams settings and recommends fixes
- A report-only mode that tests detection accuracy before automated blocking is switched on
- A shared global block list, so an actor flagged as malicious in email is blocked in chat too
- Risk classification tags and severity levels to help administrators triage flagged messages
KnowBe4 frames the tool as a way to keep collaboration moving rather than slow it down.
KnowBe4 Messaging Security has been launched with the goal of enhancing, not hindering, teamwork. This provides organisations with a single, unified console that seamlessly secures both email and chat environments, starting with Microsoft Teams.
That came from Greg Kras, chief product officer at KnowBe4, in the company’s launch announcement for unified email and chat security. It is not the firm’s first move into the platform; it shipped a Phish Alert Button for Teams in March 2026, letting employees report suspect chats the same way they already flag bad emails.
Why Attackers Moved From Inbox to Chat
Email defenses have hardened over two decades, so the people sending phishing lures went looking for softer ground. They found it in collaboration tools. A request that lands in a Teams thread carries an unearned air of legitimacy, because staff assume anything inside the company’s chat app has already cleared the gate. Short messages add urgency and cut the time someone spends second-guessing them.
The numbers behind that shift are getting harder to ignore.
- 77% of one tracked Teams social-engineering campaign hit executives, managers and directors in March 2026, up from 59% across January and February, according to KnowBe4 research on faster phishing attacks aimed at senior staff through Teams.
- 12 minutes was the fastest recorded gap between a first chat message and an attacker running malicious scripts on a target’s machine.
- Mid-2024 is roughly when researchers say the group tracked as Storm-1811 began running Teams voice-phishing, spinning up fraudulent Microsoft 365 tenants to call employees directly.
Voice phishing (vishing, a phone- or call-based version of the same con) has become a signature of these campaigns, with attackers ringing staff over Teams while posing as support technicians. United States federal investigators have also warned that criminals are actively hijacking Microsoft Outlook, Teams and 365 logins, a sign the problem now reaches well beyond a handful of niche operators.
The throughline is trust. The very thing that makes Teams useful, the assumption that a ping from a coworker is genuine, is what makes it dangerous when an outsider gets a foot in the door.
The Default Setting That Opens The Door
What makes Teams an easy mark is rarely the software. It is a setting. Many organizations leave external access open enough that someone outside the company can start a chat with an employee, and attackers lean on that to impersonate colleagues, vendors or help-desk staff. KnowBe4’s posture-monitoring feature scans for exactly these loose configurations and steers administrators toward tighter controls.
Microsoft’s own incident responders reached the same conclusion after investigating a Teams support-call compromise. Their analysis of how a Teams call led to a network breach is blunt about the fix: restrict inbound messages from unmanaged Teams accounts, allow contact only from a vetted list of trusted external domains, and switch off remote-control tools such as Quick Assist where staff do not need them. In that case, one granted remote session was all it took for the intruder to move from a friendly call to hands-on-keyboard control.
A Whole Industry Is Rebuilding Around Chat
KnowBe4 is moving with the market, not ahead of it. Across the security business, **the entire email-security industry is repackaging itself around chat**, treating Teams, Slack, Zoom and Google Chat as one continuous attack surface rather than a side channel. The pitch is consistent: the controls that took years to mature for email now have to follow employees into every place they talk.
The vendor responses already on the table show how crowded that lane has become.
| Vendor | Collaboration coverage | Approach |
|---|---|---|
| KnowBe4 | Microsoft Teams | Email-style detection, posture monitoring, shared block list with email |
| Mimecast | Teams, Slack, Zoom, WebEx | Collaboration security tied to a human-risk-management platform |
| Check Point | Teams, Slack, SharePoint, Google Workspace | Workspace Security spanning email and collaboration apps |
| Abnormal Security | Microsoft 365 collaboration tools | API-native behavioral AI targeting BEC and account takeover |
Mimecast lays out its case in a guide to collaboration threat protection for messaging platforms, while Check Point makes a similar argument in its workspace security positioning across email and chat. Each is chasing the same realization: business email compromise (BEC, a fraud where attackers impersonate trusted parties to redirect money or data) and account takeover do not stop at the inbox, so neither can the defense.
What A Detection Layer Catches, And What It Misses
A filter inside Teams will catch a lot. Known-bad domains, recycled phishing kits, the obvious help-desk impostor, all of that becomes easier to spot when an automated system is reading external messages and assigning risk scores. The report-only mode helps too, letting security teams measure false positives before they flip on blocking and start interrupting real work.
But the harder problems sit outside any product. **A detection layer cannot fix a setting an administrator left open**, and it cannot retrain the instinct that makes a busy employee trust a Teams ping more than a cold email. That is why layered defense keeps surfacing as the answer rather than any single tool.
One KnowBe4 customer made the point about its email product, KnowBe4 Defend, though the logic carries straight over to chat. “We recognised that one layer is not enough to detect and neutralise the numerous advanced phishing threats targeting GMMH day-to-day work,” said Kevin Orritt, cyber security manager at GMMH. He credited the tool’s clickable warning banners with sharpening staff awareness over time, a reminder that the human layer and the technical layer are supposed to reinforce each other.
If the detection net and the configuration cleanup arrive together, the chat window gets meaningfully harder to weaponize. If buyers treat the new tool as a reason to leave Teams wide open at the settings level, attackers keep the easiest door they have found in years.
Frequently Asked Questions
What Is KnowBe4 Messaging Security?
It is a security product that extends KnowBe4’s phishing detection from email into Microsoft Teams chat. It monitors messages from outside an organization for impersonation, credential theft and social engineering, assigns risk tags and severity levels, and scans Teams settings for risky configurations through a posture-monitoring feature.
When Will The Teams Product Be Available?
KnowBe4 has said Messaging Security will reach general availability in June 2026. The company already shipped a related Phish Alert Button for Teams in March 2026, which lets employees report suspicious chat messages directly.
How Do Attackers Phish Through Microsoft Teams?
Attackers commonly pose as IT help-desk or support staff, contacting employees through chat or voice calls over Teams and pressuring them to share credentials or grant remote access. Some campaigns pair this with email bombing to create urgency, and researchers have recorded attackers moving from first contact to running malicious code in as little as 12 minutes.
How Can Administrators Reduce Teams External Access Risk?
Microsoft recommends restricting inbound messages from unmanaged Teams accounts, allowing contact only from a vetted list of trusted external domains, and disabling remote-control tools like Quick Assist where they are not needed. Enabling phishing-resistant multifactor authentication and monitoring who uses remote-assistance tools add further protection.
Does Email Security Already Cover Microsoft Teams?
Generally no. Traditional email gateways inspect the inbox, not chat, which is why vendors including KnowBe4, Mimecast and Check Point are now building separate coverage for collaboration platforms. A shared block list across email and Teams, like the one in KnowBe4’s new tool, is meant to close the gap so a bad actor flagged in one channel is blocked in the other.
KB5089573 Fixes Windows 11’s Patch Tuesday Reboot Fail
Drug Dealer Simulator 2 Bets on 60 FPS for Xbox Series S
Anthropic Hits $965B, and Microsoft Profits Either Way
Snowflake’s 34% Surge Pushes Cortex AI Into Microsoft 365
Microsoft Teams Efficiency Mode Targets Low-End Office PCs
FBI’s Kali365 Warning Puts Microsoft Admins on the Hook
Steins;Gate Re:Boot Launches First on Xbox and PC August 20
CISA Sets June 3 Deadline for Two of Six Defender Zero-Days
Ragnarok Console Project Joins Korea’s RPG Push to Xbox
Microsoft Says It’s Working to End Windows 11’s Account Mandate
Microsoft’s Copilot Super App Chases Its Own 450M Base
Windows 11 Low Latency Profile Lands in KB5089573 Update
Microsoft 365 Copilot Redesign Bets Big on In-App Adoption
GTA 6’s Xbox Title ID Surfaces in Microsoft’s Backend
Microsoft Build 2026 Skips Windows 12 for the AI Bet That Counts
MicrosoftSystem64 Malware Hides Stolen Data Inside HuggingFace
The Cat in the Hat: Rainy Day Mayhem Hits Consoles Oct 30
Bevaya Lands Insurance AI Agents Inside Teams and Outlook
Obsidian Splits The Outer Worlds Free Upgrade by Platform
Gravastar Bets a Decade on Fighting-Game JRPG Combat
-
MICROSOFT 3657 days agoMicrosoft’s Copilot Super App Chases Its Own 450M Base
-
NEWS1 week agoWindows 11 Low Latency Profile Lands in KB5089573 Update
-
MICROSOFT 3651 week agoMicrosoft 365 Copilot Redesign Bets Big on In-App Adoption
-
NEWS1 week agoGTA 6’s Xbox Title ID Surfaces in Microsoft’s Backend
-
NEWS1 week agoMicrosoft Build 2026 Skips Windows 12 for the AI Bet That Counts
-
NEWS1 week agoMicrosoftSystem64 Malware Hides Stolen Data Inside HuggingFace
-
NEWS1 week agoThe Cat in the Hat: Rainy Day Mayhem Hits Consoles Oct 30
-
NEWS7 days agoBevaya Lands Insurance AI Agents Inside Teams and Outlook