Teams OAuth phishing and persistent access: are your controls keeping up?


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 9016
Topic starter  

TL;DR: A Teams-themed phishing campaign uses spoofed meeting invites, a fake Microsoft login path, and OAuth consent to bypass MFA, persist after password changes, and keep access visible as legitimate in audit logs, according to Abnormal AI.

NHIMG editorial — based on content published by Abnormal AI: Microsoft Teams OAuth phishing that abuses trusted meeting invites and OAuth consent

By the numbers:

  • When AWS credentials are exposed publicly, attackers attempt access within an average of 17 minutes and as quickly as 9 minutes in some cases.
  • AI-related credential leaks surged 81.5% year-over-year in 2025, with the surrounding AI infrastructure leaking 5x faster than core LLM providers.
  • 28% of secrets incidents now originate outside code repositories, in Slack, Jira, and Confluence, and are 13% more likely to be categorised as critical than code-based leaks.

Questions worth separating out

Q: How should security teams govern OAuth consent in Microsoft 365 environments?

A: Security teams should restrict user consent, require verification for high-privilege scopes, and review granted apps like any other access entitlement.

Q: Why do phishing campaigns that use OAuth bypass traditional MFA controls?

A: They bypass MFA because the attacker is not reusing the user’s password.

Q: What breaks when malicious calendar invites are only handled as email threats?

A: The attack window stays open because the calendar item can survive after the email is removed.

Practitioner guidance

  • Inventory and restrict OAuth consent paths: limit user consent to verified applications, require admin approval for high-risk scopes, and review which tenants can grant "maintain access" permissions without security oversight.
  • Monitor for suspicious Teams and calendar lure patterns: detect external sender aliases, meeting invites that point to unexpected redirect chains, and .ics or embedded events that remain after the source email is removed.
  • Review OAuth grants as part of access governance: add third-party app permissions to recertification, offboarding, and privilege review workflows so a password reset does not leave a live token behind.

What's in the full article

Abnormal AI's full research covers the operational detail this post intentionally leaves for the source:

  • The exact redirect chain from the Teams-branded lure into the fake Microsoft consent flow.
  • The specific OAuth permissions requested by the malicious app and how those scopes enable mailbox access.
  • The calendar-remediation mechanics the vendor says it uses to remove malicious events while preserving legitimate meetings.
  • The message and URL indicators that help distinguish this campaign from routine Teams notifications.

👉 Read Abnormal AI's analysis of Microsoft Teams OAuth phishing and persistent access →
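Worked example, added to this thread and not code from the NHIMG post or from Abnormal AI's research: a Python triage of Microsoft Graph oauth2PermissionGrants records that scores each grant by the delegated scopes it carries, whether offline_access makes it persistent, whether the publisher is verified, and whether a user rather than an admin consented. This is the "review granted apps like any other access entitlement" step run from an export instead of by clicking through the portal. The grant and servicePrincipal records are constructed in the field names Graph returns; the scope list, weights, threshold and tenant ids are assumptions.

```python
"""Score Microsoft Graph oauth2PermissionGrants for consent-phishing risk.

Added example; not code from the NHIMG post or from Abnormal AI. The grant and
servicePrincipal records below are constructed in the field names Graph
returns (consentType, principalId, scope, appOwnerOrganizationId,
verifiedPublisher); the scope list, weights and threshold are assumptions.
"""
from dataclasses import dataclass, field
from typing import Optional

# Delegated scopes that give a consented app mailbox, file or directory reach.
# Assumption: a reviewer's policy list, not a Microsoft-defined tier.
HIGH_RISK_SCOPES = {
    "Mail.Read", "Mail.ReadWrite", "Mail.Send", "MailboxSettings.ReadWrite",
    "Files.Read.All", "Files.ReadWrite.All", "Sites.Read.All",
    "Directory.Read.All", "Directory.AccessAsUser.All", "User.Read.All",
}
# offline_access returns a refresh token, so the app keeps working without the
# user re-authenticating; it is what turns a one-off consent into persistence.
PERSISTENCE_SCOPE = "offline_access"
HOME_TENANT = "tenant-contoso"  # Assumption: the reviewing organisation's tenant id.

# Constructed servicePrincipal objects keyed by object id.
SERVICE_PRINCIPALS = {
    "sp-0001": {"displayName": "Contoso Expense Sync",
                "appOwnerOrganizationId": "tenant-contoso",
                "verifiedPublisher": {"verifiedPublisherId": "1234567"}},
    "sp-0002": {"displayName": "Teams Meeting Assistant",
                "appOwnerOrganizationId": "tenant-unknown",
                "verifiedPublisher": {"verifiedPublisherId": None}},
}

# Constructed grants. consentType "Principal" = one user consented for
# themselves; "AllPrincipals" = an admin consented for the whole tenant.
GRANTS = [
    {"id": "g1", "clientId": "sp-0001", "consentType": "AllPrincipals",
     "principalId": None, "scope": "User.Read Files.Read"},
    {"id": "g2", "clientId": "sp-0002", "consentType": "Principal",
     "principalId": "user-alice",
     "scope": "openid profile offline_access Mail.ReadWrite Mail.Send"},
    {"id": "g3", "clientId": "sp-0002", "consentType": "Principal",
     "principalId": "user-bob", "scope": "User.Read"},
]


@dataclass
class Finding:
    grant_id: str
    app: str
    principal: Optional[str]
    score: int
    reasons: list = field(default_factory=list)


def score_grant(grant: dict, sps: dict, home_tenant: str = HOME_TENANT) -> Finding:
    """Weigh one grant: what it can reach, whether it persists, who vouches for it."""
    sp = sps.get(grant["clientId"], {})
    scopes = set(grant.get("scope", "").split())
    score, reasons = 0, []
    risky = sorted(scopes & HIGH_RISK_SCOPES)
    if risky:
        score += 3 * len(risky)
        reasons.append("high-risk delegated scopes: " + ", ".join(risky))
    if PERSISTENCE_SCOPE in scopes and risky:
        score += 3
        reasons.append("offline_access alongside high-risk scopes: access outlives the session")
    if not (sp.get("verifiedPublisher") or {}).get("verifiedPublisherId"):
        score += 2
        reasons.append("publisher not verified")
    if sp.get("appOwnerOrganizationId") != home_tenant:
        score += 1
        reasons.append("multi-tenant app registered outside this tenant")
    if grant.get("consentType") == "Principal" and score >= 3:
        score += 1
        reasons.append("granted by user consent, so no admin reviewed it")
    return Finding(grant["id"], sp.get("displayName", grant["clientId"]),
                   grant.get("principalId"), score, reasons)


def triage(grants: list, sps: dict, threshold: int = 6) -> list:
    """Return findings at or above threshold, highest score first."""
    scored = (score_grant(g, sps) for g in grants)
    return sorted((f for f in scored if f.score >= threshold), key=lambda f: -f.score)


if __name__ == "__main__":
    for f in triage(GRANTS, SERVICE_PRINCIPALS):
        print(f"{f.grant_id}: {f.app!r} principal={f.principal} score={f.score}")
        for reason in f.reasons:
            print("   -", reason)
```

Feed it the records from GET /oauth2PermissionGrants and GET /servicePrincipals in Microsoft Graph v1.0. In the constructed data only the user-consented "Teams Meeting Assistant" grant with offline_access plus Mail.ReadWrite and Mail.Send crosses the threshold; the tenant-wide but low-scope Contoso grant does not. Removing a flagged grant (DELETE /oauth2PermissionGrants/{id}) stops the app from obtaining new tokens, and revoking the user's sign-in sessions invalidates the refresh tokens it already holds; that pair is the remediation a password reset alone does not perform.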
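A second added example, again not code from the NHIMG post or from Abnormal AI, for the "monitor for suspicious Teams and calendar lure patterns" point: a small iCalendar parser that unfolds an .ics invite and applies two heuristics, an organizer display name that borrows the Microsoft or Teams brand while the address sits on another domain, and a join link in a Teams-themed invite whose host is not a trusted meeting host (brand lookalikes are called out separately). Both .ics samples are constructed; the trusted-host list, the brand words and the heuristics themselves are assumptions a reviewer would tune for their own tenant, not indicators published with the campaign.

```python
"""Flag Teams-themed calendar invites whose organizer or join link does not
match Microsoft's domains.

Added example; not code from the NHIMG post or from Abnormal AI's research.
Both .ics samples are constructed; the trusted-host list, the brand words and
the two heuristics are assumptions a reviewer would tune for their tenant.
"""
import re
from urllib.parse import urlparse

# Assumption: hosts a genuine Teams join link uses. A lookalike such as
# teams-join.example carries the brand word but is not on this list.
TRUSTED_MEETING_HOSTS = {"teams.microsoft.com", "teams.live.com"}
BRAND_WORDS = ("teams", "microsoft")
URL_RE = re.compile(r"https?://[^\s<>\"']+")

# Constructed lure: the organizer display name claims to be Microsoft Teams, the
# address is on an unrelated domain, and the join link host is a lookalike.
# Lines beginning with a space are iCalendar folded continuations; \n inside a
# value is the iCalendar newline escape.
SAMPLE_LURE = r"""BEGIN:VCALENDAR
METHOD:REQUEST
BEGIN:VEVENT
UID:constructed-lure-0001@example.invalid
DTSTART:20240611T140000Z
ORGANIZER;CN=Microsoft Teams:mailto:noreply@teams-invite.example
SUMMARY:Microsoft Teams Meeting: Q3 Budget Review
LOCATION:Microsoft Teams Meeting
DESCRIPTION:Join on your computer or mobile app\nClick here to join the mee
 ting: https://teams-join.example/l/meetup-join/19%3ameeting_abc123\nMeeting
  ID: 412 556 733 1
END:VEVENT
END:VCALENDAR
"""

# Constructed legitimate invite from an internal organizer for comparison.
SAMPLE_LEGIT = r"""BEGIN:VCALENDAR
METHOD:REQUEST
BEGIN:VEVENT
UID:constructed-legit-0002@example.invalid
DTSTART:20240611T150000Z
ORGANIZER;CN=Alice Example:mailto:alice@contoso.com
SUMMARY:Q3 Budget Review
DESCRIPTION:Join on your computer or mobile app\nhttps://teams.microsoft.com/l/meetup-join/19%3ameeting_xyz789
END:VEVENT
END:VCALENDAR
"""


def unfold(ics: str) -> list:
    """Join folded continuation lines (leading space or tab) back onto their line."""
    lines = []
    for raw in ics.replace("\r\n", "\n").split("\n"):
        if raw[:1] in (" ", "\t") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines


def unescape(value: str) -> str:
    return value.replace("\\n", "\n").replace("\\N", "\n").replace("\\,", ",")


def parse_events(ics: str) -> list:
    """Return each VEVENT as {PROPERTY: {"value": str, "params": {name: value}}}.
    Enough for invites; quoted parameter values containing ':' are not handled."""
    events, cur = [], None
    for line in unfold(ics):
        if line == "BEGIN:VEVENT":
            cur = {}
        elif line == "END:VEVENT":
            events.append(cur)
            cur = None
        elif cur is not None and ":" in line:
            name_params, _, value = line.partition(":")
            name, _, params = name_params.partition(";")
            param_dict = dict(p.split("=", 1) for p in params.split(";") if "=" in p)
            cur[name.upper()] = {"value": unescape(value), "params": param_dict}
    return events


def assess(event: dict) -> list:
    """Return findings for one VEVENT; an empty list means nothing looked off."""
    findings = []
    organizer = event.get("ORGANIZER", {"value": "", "params": {}})
    cn = organizer["params"].get("CN", "")
    org_domain = organizer["value"].lower().removeprefix("mailto:").rpartition("@")[2]
    text = " ".join(event.get(k, {"value": ""})["value"]
                    for k in ("SUMMARY", "DESCRIPTION", "LOCATION"))
    themed = any(w in (text + " " + cn).lower() for w in BRAND_WORDS)

    # Heuristic 1: display name borrows the brand, sending address does not.
    is_ms = org_domain == "microsoft.com" or org_domain.endswith(".microsoft.com")
    if any(w in cn.lower() for w in BRAND_WORDS) and not is_ms:
        findings.append(f"organizer CN {cn!r} does not match address domain {org_domain!r}")

    # Heuristic 2: every link in a Teams-themed invite should land on a trusted host.
    for url in URL_RE.findall(text):
        host = (urlparse(url).hostname or "").lower()
        if themed and host not in TRUSTED_MEETING_HOSTS:
            kind = "brand-lookalike" if any(w in host for w in BRAND_WORDS) else "untrusted"
            findings.append(f"{kind} join link host {host!r}: {url}")
    return findings


def assess_ics(ics: str) -> list:
    return [finding for event in parse_events(ics) for finding in assess(event)]


if __name__ == "__main__":
    for label, sample in (("lure", SAMPLE_LURE), ("legit", SAMPLE_LEGIT)):
        print(label, assess_ics(sample) or "no findings")
```

Run against the calendar item itself (the .ics attachment or the event pulled from the mailbox), not only the carrying email, since the post's point is that the event can outlive the message. The constructed lure produces two findings and the constructed internal invite none; a legitimate Teams invite from an external partner would still pass heuristic 1 because its organizer CN is a person's name rather than the brand.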

(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 8472
 

Consent granted to a malicious app is not a login event, it is an access decision. This campaign shows why identity teams cannot treat OAuth consent as a minor UX issue. The user-authorised app inherits durable access that survives password changes and often remains invisible to conventional phishing controls. The practical conclusion is that delegated permissions must be governed with the same seriousness as privileged accounts.

A few things that frame the scale:

A question worth separating out:

Q: Who is accountable when an authorised app is abused after consent is granted?

A: Accountability sits with the teams that govern application consent, entitlement review, and token lifecycle. If a granted app can persist after password changes, then access governance failed to contain the permission surface. NIST CSF access control and OWASP Non-Human Identity guidance are both relevant for defining ownership.

👉 Read our full editorial: Microsoft Teams OAuth phishing turns meeting trust into cloud access
