Fake Procurement Scams on Microsoft Teams
Attackers use Microsoft Teams to pose as procurement staff of known organisations, issuing fake orders to obtain goods on credit or extract provider fees.
Part of: Fake Procurement Scams
Last reviewed: 1 June 2026
Where suppliers collaborate with buyers in Microsoft Teams, fake procurement scams can be delivered through chat. A message appearing to come from a procurement contact at a reputable organisation can move a fake order forward inside a space staff already trust.
The informality of Teams chat reduces the scrutiny a formal purchase order would face. A compromised account or an external guest using a recognisable organisation name can issue an order that a supplier acts on without independent verification.
How this scam works on Microsoft Teams
The attacker, using a compromised account or guest access, messages a supplier through Teams posing as a procurement officer for a known organisation. They describe a substantial order and share a purchase order document in chat.
They request goods on credit terms or steer the supplier toward an upfront cost, such as a fee to a logistics provider they control. The borrowed organisation name and the chat context reassure the supplier and discourage formal checks.
If the supplier ships, the goods reach an address the scammer controls and go unpaid; if a fee is paid, it is lost. The impersonated organisation is unaware until contacted about an order it never placed.
Common red flags
- A procurement contact issuing an order through a Teams chat
- An external-guest account using a known organisation name
- A purchase order shared only in chat
- Requests for goods on credit or an upfront fee to a named provider
- Delivery addresses inconsistent with the organisation's known sites
- Pressure to fulfil the order quickly
How to protect yourself
- Verify the order by calling the organisation on a known number
- Treat chat-shared purchase orders as easy to forge
- Run credit checks before supplying a new buyer on terms
- Restrict and label external-guest access in Teams
- Confirm delivery addresses against the organisation's known sites
- Be wary of any required upfront fee to a third party
How to report it
- Report the impersonating or compromised account to IT security
- Alert the genuine organisation being impersonated
- File a report with your national fraud or cybercrime centre
Frequently asked questions
A procurement officer placed a large order through Teams. Should we ship on credit?
Verify it first. A compromised account or guest can pose as a buyer in chat. Confirm the order by calling the organisation on an independently found number and run credit checks before shipping goods on credit.