Omni-Channel Phishing: Email, SMS, Teams and LinkedIn Combined

Phishing has moved far beyond the suspicious email from a distant relative. Today, attackers use a sophisticated method known as omni-channel phishing. This approach uses multiple communication platforms simultaneously to build trust and deceive employees. By coordinating messages across email, SMS, Microsoft Teams, and LinkedIn, criminals create a false sense of reality that is much harder for the average person to spot.

What Is Omni-Channel Phishing and Why Is It More Effective?

Omni-channel phishing is a coordinated attack where a fraudster contacts a target through several different apps or services. In the past, if you received a strange email, you might ignore it. However, if you receive a professional-looking LinkedIn connection request, followed by a Microsoft Teams message, and then an email, the repetition makes the request seem legitimate.

This works because it exploits our tendency to trust multi-step verification. If a "colleague" contacts you on Teams to say they’ve sent an important document to your email, you are statistically far more likely to open that email attachment without thinking. The attacker is not just sending a link; they are building a digital relationship across the platforms you use every day.

How Does a Multi-Platform Phishing Attack Work?

A typical omni-channel attack follows a logical sequence designed to lower your guard. It often begins on a public platform like LinkedIn. An attacker creates a fake profile that looks like a recruiter or a senior executive at a partner company and sends a connection request.

Once connected, they might send a brief message about an "exciting project." A few hours later, they might move to a more private channel, like an SMS (often called "smishing") or a message on Microsoft Teams, claiming they have sent the project brief to your work email. By the time you open your inbox, you have already interacted with the "person" twice on other apps. You feel like you know them, so when the email arrives with a malicious link or a login prompt, you click it. This cross-platform consistency is the core of the deception.

Why Are UK Businesses Targeted via Teams and LinkedIn?

UK organisations are particularly vulnerable because of the high adoption of remote working and cloud-based collaboration tools. When staff work away from a central office, they rely heavily on digital notifications. Attackers know that a Teams message carries more "weight" than a random email because Teams is perceived as a closed, secure corporate environment.

The shift toward AI Pipelines in the Cloud and Virtual Desktop Infrastructure (VDI) has also changed the landscape. If an attacker gains your login details via a fake LinkedIn prompt, they don't just get your emails; they potentially gain access to the entire cloud environment where your "AI employees" and company data reside.

How Can You Identify an Omni-Channel Attack?

Spotting these attacks requires looking at the "why" and "how" of the communication rather than just the content.

• Verify the Identity: If a senior leader or a new contact reaches out across three different apps for one simple task, be suspicious. Directness is normal in business; excessive "follow-ups" across different platforms are a common red flag.

• Check the Links: Regardless of where the message comes from, always hover over links to see the true destination. Attackers often use URL shorteners or slightly misspelled domain names to hide their intent.

• Out-of-Band Confirmation: If you receive a request for sensitive information or a password reset, contact the person through a known, trusted method. Call them or start a completely new message thread rather than replying to the one they started.

As businesses continue to use AI Employees to manage routine tasks, these digital workers can also be targets. Ensuring that both human and non-human workers are trained to recognise these multi-step threats is the best way to keep a company's data safe.