Threat actors have been spotted exploiting Microsoft Teams’ external access feature—enabled by default—allowing users to add external members to Teams chats. An AT&T customer identified an unsolicited Teams chat from an external user, suspected to be a phishing lure. It is recommended to disable External Access in Microsoft Teams unless it is necessary for daily business use.