Paubox Weekly Fully Automated - A HIPAA compliant email security Podcast

Microsoft Teams phishing campaign deploys A0Backdoor malware 

In this episode, Alex and Jen break down three recent cybersecurity incidents affecting healthcare and social services organizations: Microsoft Teams impersonation attacks targeting healthcare and financial sectors, fake AI apps harvesting credentials, and a ransomware breach at a nonprofit serving vulnerable populations. The discussion highlights how misconfigurations and overlooked security basics create exploitable gaps, and offers practical steps for locking down external communications, verifying app legitimacy, and strengthening defenses against ransomware.
SPEAKER_01

Hey everyone, welcome back. I'm Alex. And I'm Jen. Another week, another batch of reasons to audit your configurations.

SPEAKER_00

You know, I was actually feeling optimistic this morning. Were you? That's concerning. And then I read about attackers impersonating IT staff on Microsoft Teams.

SPEAKER_01

Yeah, that one's elegant, actually. In a terrible way. Walk us through it. So they start by flooding your inbox with spam. Just chaos. Then they pop up on Teams pretending to be IT support. Hey, noticed you're getting a lot of junk mail. Let me help you fix that. And people let them in. Of course they do. It's Teams. It looks internal. They're expecting IT to reach out. And once you grant access, boom. Backdoor installed. Persistent access. They're in your system for as long as they want.

SPEAKER_00

This hit healthcare and financial orgs specifically.

SPEAKER_01

Because that's where the data is. The takeaway here? Lock down external Teams access. Most orgs don't need outside users messaging employees directly. And train your staff. IT will never cold call you through Teams asking for remote access.

SPEAKER_00

If it feels helpful, be suspicious. Words to live by. Alright, next up. Fake AI apps in the app store.

SPEAKER_01

This one's fun. Attackers are spoofing ChatGPT and Gemini. They send phishing emails promoting AI-powered business tools, link to what looks like a legit app store listing, and trick people into downloading fake apps.

SPEAKER_00

And the apps steal Facebook credentials?

SPEAKER_01

Yep. Classic credential harvesting. The apps look polished, the emails look professional. It's social engineering with a fresh coat of AI hype. So what's the fix? Verify before you download. Go directly to the app store. Don't click links in emails. And if an app is asking for your Facebook login and it has nothing to do with Facebook, walk away.

SPEAKER_00

Good advice for life, honestly. Most security advice is. Alright. This next one's harder to talk about. The Children's Council of San Francisco had a breach. Over 12,000 people affected.

SPEAKER_01

Yeah. Ransomware group called SafePay. They're using a variant of LockBit. Encrypts files, demands payment, the whole playbook.

SPEAKER_00

And they posted the org on a leak site two weeks after the incident.

SPEAKER_01

Which tells you the ransom wasn't paid. Or negotiations broke down. Either way, the data's out there now.

SPEAKER_00

For a nonprofit serving kids and families.

SPEAKER_01

That's the thing people forget. It's not just hospitals, it's social services, dental offices, community health centers. Anyone handling PHI is a target.

SPEAKER_00

So what do smaller orgs do? They don't have huge security budgets.

SPEAKER_01

Start with the basics. Patch your systems, use MFA, back up your data offline, and segment your network. Don't let one compromised machine take down everything.

SPEAKER_00

It's not about being unhackable.

SPEAKER_01

It's about not being the easiest target on the block.

SPEAKER_00

Alright, let's bring it together. Three stories. Teams phishing, fake apps, ransomware. What's the thread?

SPEAKER_01

Misconfiguration and blind spots. Every single one. Teams allowing external messages by default. Users trusting App Store links without verifying. Orgs without network segmentation or offline backups.

SPEAKER_00

None of this is exotic.

SPEAKER_01

Nope. It's not zero-days or nation-state wizardry. It's default settings and missing training. And that's actually good news.

SPEAKER_00

Because it's fixable.

SPEAKER_01

Exactly. You don't need a massive budget. You need intention. Review your configurations, train your people. Assume attackers are creative because they are.

SPEAKER_00

Alright, that's our show. Thanks for listening, everyone.

SPEAKER_01

Stay paranoid, stay patched.

SPEAKER_00

We'll see you next week.