The Teams notification looked routine. An external party had sent a guest invitation, which in a Microsoft 365 environment happens constantly: vendors, consultants, and partners send Teams invites all the time. The infrastructure that delivered this one was Microsoft's own.
Embedded in the invite card was a claim that the recipient's Microsoft Teams Premium subscription had been charged USD 759.98 for one year, ten users, via "Pay'PaI." Invoice ID: JS_7987. To dispute the charge, the recipient should call +1 (983) 220-2587.
There was no malicious link. There was no attachment. Every URL in the message resolved to a legitimate Microsoft domain. The entire payload was a phone number.
How Microsoft's notification pipeline became the delivery vehicle
The message headers show delivery from northeurope0.notifyp.svc.ms at IP 4.207.165.26, Microsoft's notification infrastructure for SharePoint, OneDrive, and Teams. SPF passed on a Microsoft-managed IP block. DKIM carried signatures from the sending relay and TEAMS.MAIL.MICROSOFT. DMARC passed.
The attacker controlled a tenant whose domain corresponds to a German-language legal entity, sent a guest invitation from that tenant, and let Microsoft handle delivery. Microsoft's infrastructure authenticated the message because Microsoft sent it.
Both the recipient's external-origin banner and the Teams template disclaimer ("The information shared above was not created by Microsoft") were present. Both are easy to miss on a message that looks like every other Teams invite.
The billing lure and its obfuscation
The claim borrowed PayPal's brand with a charge large enough to alarm but not large enough to dismiss outright: USD 759.98 for a "Teams Premium" subscription sounds plausible to someone unfamiliar with Microsoft licensing.
The brand names were obfuscated. "Pay'PaI" substituted capital I for the final lowercase l. "biIIing" replaced both lowercase l characters with capital I. In most typefaces the two characters are visually identical, so both read correctly to a human eye while defeating a keyword filter matching the real strings.
Invoice ID JS_7987 is attacker-fabricated. The callback number +1 (983) 220-2587 is not a PayPal contact. The 983 area code is unassigned in the North American Numbering Plan, a technical indicator unlikely to be checked before a recipient picks up the phone.
The link surface gave scanners nothing to find
A Microsoft Teams guest invitation carries links to login.microsoftonline.com (for the sign-in flow), invitations.microsoft.com (for the invite-response mechanism), aka.ms (Microsoft's link-shortener), and teams.microsoft.com. Automated analysis of this message resolved all of those links and reported them clean, because they are clean. They all go to Microsoft.
The problem is that the malicious content was not in a URL. This is callback phishing, also called telephone-oriented attack delivery (TOAD): the email exists only to manufacture urgency and deliver a phone number. The attacker's real operation begins when the victim calls. Once on the line, the script typically escalates through credential collection, remote access tool installation, or fraudulent wire authorization. The email does not carry the compromise. The phone call does.
That architecture is why link scanners, attachment detonation sandboxes, and URL reputation systems all produce clean results on this message. There is nothing to sandbox. The entire attack surface is a ten-digit phone number embedded in plain text.
Vishing as the second stage
Vishing (voice phishing) is the threat category that governs what happens when the victim calls +1 (983) 220-2587. The caller reaches an attacker, not PayPal. The conversation is designed to extract whatever the campaign is targeting: Microsoft credentials, a remote access session via a tool like AnyDesk or TeamViewer, or a gift card or wire transfer for a refund.
This campaign borrowed Microsoft's most trusted delivery channel to carry a PayPal billing claim. The recipient is in a Microsoft environment, received a Teams notification, and sees their PayPal account has been charged. The reflex is to call and fix it. That chain requires no suspicious link, no fake page, no unknown file. The delivery mechanism provided urgency with full Microsoft authentication behind it.
Indicators of compromise for the Teams-TOAD campaign
| Type | Indicator | Context |
|---|---|---|
| Phone | +1 (983) 220-2587 | Attacker callback number embedded as "PayPal billing" dispute line; 983 is an unassigned NANP area code |
| Invoice | JS_7987 | Fabricated invoice identifier embedded in the billing claim |
| Obfuscation | "Pay'PaI" and "biIIing" | Homoglyph substitution: capital I replacing lowercase l to defeat brand-keyword filters |
| Delivery | northeurope0.notifyp.svc.ms (4.207.165.26) | Microsoft Teams notification infrastructure; SPF/DKIM/DMARC all pass |
| Tenant | External tenant domain corresponding to a German-language legal entity | Attacker-controlled or compromised tenant used to send the invitation |
| Auth | SPF pass, DKIM pass (TEAMS.MAIL.MICROSOFT and external tenant), DMARC pass | Full authentication on Microsoft-signed notification; no auth signal available to block |
What detection required
Impersonation analysis had to go beyond authentication and link reputation. Every technical authentication signal said this message was legitimate. Every link destination was Microsoft. The detection required parsing the invite card text for financial claims, identifying the callback number as the payload, recognizing the homoglyph substitutions as obfuscation, and correlating the claimed service (PayPal billing inside a Teams notification) as an impossible combination for any legitimate transaction.
That reasoning is behavioral, not signature-based. A system that only checks URLs and authentication headers has no surface to work with on this message.
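The behavioral checks described here, together with the homoglyph normalization from the obfuscation section, as an added example that is not code from IRONSCALES or the original post; the brand list, the `teams-notification` channel label and the sample card text are assumptions constructed for the example:

```python
import re

# Look-alike characters mapped back before lowercasing, so the capital-I-for-l substitution
# this campaign used ("Pay'PaI", "biIIing") collapses onto the real brand string.
HOMOGLYPHS = str.maketrans({"I": "l", "|": "l", "1": "l", "0": "o"})
BRANDS = {"paypal", "microsoft", "teams"}            # assumed brand watchlist
NON_MICROSOFT_BRANDS = {"paypal"}
AMOUNT_RE = re.compile(r"(?:USD|US\$|\$)\s?\d{1,3}(?:,\d{3})*(?:\.\d{2})?")
PHONE_RE = re.compile(r"\+?1?\s*\(?(\d{3})\)?[\s.-]?(\d{3})[\s.-]?(\d{4})")
TOKEN_RE = re.compile(r"[\w']+")


def normalize(word: str) -> str:
    """Map homoglyphs to their targets, lowercase, and drop punctuation inserted mid-word."""
    return re.sub(r"[^a-z0-9]", "", word.translate(HOMOGLYPHS).lower())


def brand_mentions(text: str) -> dict[str, list[str]]:
    """Brands found after normalization, keyed to the raw spellings that carried them."""
    found: dict[str, list[str]] = {}
    for raw in TOKEN_RE.findall(text):
        for brand in BRANDS:
            if brand in normalize(raw):
                found.setdefault(brand, []).append(raw)
    return found


def triage_invite_card(text: str, delivery_channel: str) -> dict:
    """Behavioral triage of card text: claim + callback number + brand/channel mismatch."""
    amounts = AMOUNT_RE.findall(text)
    phones = ["".join(m) for m in PHONE_RE.findall(text)]  # digits only; area code first
    # A capital I directly after a lowercase letter does not occur in ordinary English words.
    obfuscated = [t for t in TOKEN_RE.findall(text) if re.search(r"[a-z]I", t)]
    brands = brand_mentions(text)
    reasons = []
    if amounts and phones:
        reasons.append("financial claim paired with a callback number (TOAD pattern)")
    if obfuscated:
        reasons.append("mid-word capital I homoglyphs (brand-keyword filter evasion)")
    if delivery_channel == "teams-notification" and brands.keys() & NON_MICROSOFT_BRANDS:
        reasons.append("third-party billing claim inside a Microsoft Teams notification")
    return {"amounts": amounts, "callback_numbers": phones, "brands": brands,
            "obfuscated_tokens": obfuscated, "reasons": reasons}


# Constructed sample modelled on the invite card described above, not the original message.
SAMPLE_CARD = ("Your Microsoft Teams Premium subscription has been charged USD 759.98 "
               "for one year, ten users, via Pay'PaI. Invoice ID: JS_7987. "
               "To dispute this biIIing charge, call +1 (983) 220-2587.")
```

The extracted area code still has to be checked against the NANPA assignment registry, which is not embedded here; the function only surfaces the number as the payload.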
The FBI's IC3 2024 Internet Crime Report ranks phone-based fraud and vishing among the highest-loss categories. Verizon's 2026 Data Breach Investigations Report puts the human element in 62 percent of breaches. CISA advises that any unexpected financial claim in any communication channel should be verified through an official channel, not through contact information in the message itself.
A secure email gateway that inspects URLs and authentication has nothing to act on here. IRONSCALES data shows SEGs miss an average of 67.5 phishing emails per 100 mailboxes each month. Callback phishing via legitimate notification infrastructure represents the structural reason: the gateway's tools are built for the wrong threat model.
The payload was plain text. Microsoft delivered it. The attacker answered the phone.