Cyber security alert: ‘Scattered Spider’ and the rise of social engineering scams

In today’s digital age, cyber threats are evolving faster than ever and many of the most dangerous attacks don’t start with code, but with conversation. A sophisticated cybercriminal group known as Scattered Spider is using new, deceptive tactics to infiltrate organisations like yours. Their methods are bold, convincing, and often begin with something as simple as a message, email, or phone call.

It’s more important than ever that every team member stays alert. Here’s what you need to know and how to protect yourself and your organisation.

1. Fake chats in Microsoft Teams

One increasingly common method used by Scattered Spider is impersonating IT staff in collaboration tools like Microsoft Teams. These attackers may create accounts that look legitimate and reach out under the guise of offering help or support. The end goal? To trick you into approving unauthorised access or sharing sensitive information.

What to do:
If you receive a message asking you to approve a login or provide access, and it doesn’t feel right don’t click anything. Instead, report it through the appropriate IT security channels.

2. MFA fatigue attacks

Multi-factor authentication (MFA) is a key security defense – but attackers are finding ways to exploit it through something called MFA fatigue. This involves bombarding users with endless MFA approval requests in the hope that, eventually, they’ll click “Approve” out of habit or frustration.

What to do:
If you’re seeing multiple MFA prompts that you didn’t initiate, stop and investigate. Do not approve any requests unless you’re absolutely sure it was triggered by you. Follow your company’s MFA procedures and report unusual activity right away.

3. Suspicious access requests via text or email

Some scams come in the form of texts or emails, seemingly urgent, asking you to approve access to company systems or data. These messages may look official but are designed to bypass security protocols.

What to do:
Always be skeptical of access requests outside your normal process. If in doubt, pick up the phone and call your IT team directly to verify.

Social engineering doesn’t stop at your inbox. Attackers may actually call, pretending to be someone from your internal IT department. They might ask you to reset your password, share MFA codes, or install remote access tools.

What to do:
If a call feels off, it probably is. Never share passwords or codes over the phone and never install software unless you’re 100% sure it’s from your verified IT department.

4. Lookalike links and spoofed URLs

Scammers are getting better at creating lookalike domains that mimic real company URLs often including keywords like “SSO” or the company name to seem trustworthy.

What to do:
Before clicking any link or downloading a file, hover over it to check the URL. If something looks strange, don’t engage. When in doubt, go directly to the official website or contact your IT team for verification.

5. Fake IT messages

You might see a message or email warning you that your device is “out of compliance” or telling you to “reset your password to stay secure.” These urgent requests are designed to push you into action before you stop to think.

What to do:
Take a breath. Always verify the sender before following instructions or installing anything.

Quick Safety Reminders

To wrap up, here are some simple but powerful practices that help protect you and your company:

  • Always double-check usernames and email addresses.

  • Never share your password or MFA codes via chat, text, or email.

  • Only follow instructions from verified company IT channels.

  • If something feels off, report it — better safe than sorry.

  • Trust your instincts. If it seems suspicious, it probably is.

Stay smart. Stay secure.

Cyber security is a team effort. By staying alert and following these simple steps, you can help keep your organisation safe from even the most sophisticated threats. If you ever feel unsure about a message, call, or link, don’t hesitate to reach out to your IT team.

If you are concerned about your organisation’s cyber security setup, click here to get in touch with inTEC! We can help.

Let’s stay vigilant – together.