Researchers from Abnormal Security have observed at least two different attack campaigns involving Teams message impersonation. The phishing emails look very convincing, with links that lead to landing pages identical to what a user would expect from a legitimate Teams page. The attackers have been using multiple URL redirects to throw off malicious link-detection tools and hide the actual URL of the domain that is being used to host the attacks. The attacks are not targeted and are intentionally made generic by the attackers so they could be sent to anybody.
Source: https://www.darkreading.com/cloud/fake-microsoft-teams-emails-phish-for-credentials
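The redirect chaining described above defeats scanners that judge only the first URL in the email. The following is an added example, not code from the article or from Abnormal Security: it walks a recorded redirect chain and flags chains that end off the expected sign-in hosts. The sample responses, the `*.example` hosts, the trusted-host list and the two-redirect threshold are all assumptions made for illustration.

```python
from urllib.parse import urljoin, urlsplit

# Assumption: hosts where a genuine Teams sign-in may end; tune per tenant.
TRUSTED_SUFFIXES = ("teams.microsoft.com", "login.microsoftonline.com")

# Constructed sample: recorded responses keyed by URL -> (status, Location).
# All *.example hosts are placeholders, not indicators from the report.
SAMPLE_RESPONSES = {
    "https://tracker.example/c?id=1": (302, "https://short.example/a1"),
    "https://short.example/a1": (301, "//cdn-hop.example/go"),
    "https://cdn-hop.example/go": (302, "https://teams-login.example/signin"),
    "https://teams-login.example/signin": (200, None),
}

def resolve_chain(start, responses, max_hops=10):
    """Follow recorded Location headers and return every URL visited."""
    chain, seen, url = [], set(), start
    while url not in seen and len(chain) <= max_hops:  # stop on loops
        seen.add(url)
        chain.append(url)
        status, location = responses.get(url, (None, None))
        if status not in (301, 302, 303, 307, 308) or not location:
            break
        url = urljoin(url, location)  # relative and scheme-relative targets
    return chain

def is_trusted(host):
    """Exact or dot-anchored suffix match, so look-alike prefixes fail."""
    host = (host or "").lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in TRUSTED_SUFFIXES)

def assess(start, responses):
    """Summarise a chain; threshold of two redirects is an assumption."""
    chain = resolve_chain(start, responses)
    hosts = [urlsplit(u).hostname for u in chain]
    redirects = len(chain) - 1
    return {
        "redirects": redirects,
        "distinct_hosts": len(set(hosts)),
        "final_host": hosts[-1],
        "suspicious": redirects >= 2 and not is_trusted(hosts[-1]),
    }
```

The verdict is based on the final landing host rather than the link shown in the message, which is the part the redirects are meant to hide.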