The Black Basta ransomware group is employing increasingly sophisticated social engineering techniques to compromise organizations. The attackers now leverage Microsoft Teams chat messages to deceive targeted users and distribute malicious QR codes to gain initial access to their systems. Black Basta’s tactic involves overwhelming users with email spam, then reaching out through Teams, posing as legitimate help desk personnel to respond to support tickets generated by the initial spam campaign. This social engineering scheme aims to establish trust with users and convince them to download and install remote monitoring and management (RMM) tools, providing attackers with a foothold to deploy ransomware. Organizations should be aware of this evolving tactic and implement strong security awareness training to help employees identify and avoid these social engineering traps.