We’ve seen a few cases this week of Microsoft Teams calls coming from accounts labeled: Tag: External — “Help Desk”

If the user picks up, the goal is to walk them through installing a remote access tool.

Worth flagging if you manage M365 environments. Any unsolicited Teams call marked External should be treated as suspicious, no matter what the display name says.

Anyone else seeing this lately?