High riskEmail Scams

Teams Notification Email Scam

This scam emails a fake notification that you have a new Microsoft Teams or Slack message or missed call, linking to a fake login page that captures your work credentials.

Quick verdict

Risk level
High risk
Scam type
Collaboration tool impersonation phishing
Main red flag
An email says you have a new Teams or Slack message and links you to log in to read it.
What to do first
Do not use the link. Open Teams or Slack directly through the app.

What this scam usually looks like

This scam emails a fake notification that you have a new Microsoft Teams or Slack message or missed call, linking to a fake login page that captures your work credentials.

Example message pattern

Example pattern — not a real report
Example pattern: 'You have 2 new messages in Teams. Sign in to view them before they expire: [suspicious link]'

This is a fictional, anonymised example used to illustrate the pattern. It is not a verified real message, and any names are used only to show how the scam typically reads.

Red flags to watch for

  • A message or missed-call notification urging you to log in
  • A login page that is not the official tool
  • Pressure that messages will expire
  • A sender address that is external or slightly off
  • Requests for your work credentials

What to do

  • Open Teams or Slack directly through the app, not the email
  • Verify messages within the official tool
  • Report the email to your security team
  • Enable multi-factor authentication on work accounts

If you already clicked or replied

  • If you entered your work login, tell IT and change it immediately
  • Enable multi-factor authentication and review sessions
  • Remove unknown connected apps
  • Alert colleagues who may have received it

What not to do

  • Do not log in through message-notification email links
  • Do not share work credentials
  • Do not ignore a possible compromise; report it

Similar scams

Frequently asked questions

Do Teams or Slack send login links by email?
Notifications may arrive, but you should open the official app to read messages, not log in through an email link. Treat such links as phishing.
Why target work logins?
Work credentials can unlock email, files, and company systems, enabling wider attacks. That makes them valuable to scammers.
I entered my login. What now?
Tell your IT or security team immediately, change your password, enable multi-factor authentication, and review sessions and connected apps.
How do I read messages safely?
Open the official Teams or Slack app directly and view messages there, ignoring email links.

Last reviewed: June 2026

Disclaimer: This page provides educational information only to help you recognise common scam patterns. It is not legal, financial, cybersecurity, or law enforcement advice, and it does not confirm whether any specific message, company, or person is genuine or fraudulent. When in doubt, contact the official organisation directly and report concerns to your local authorities.