News/Info New phishing attack targets Zoom users to steal Office 365 credentials

By Abhay Venkatesh @abhay_venkat4 · Jul 9, 2020
[SHOWTOGROUPS=4,20]

A new phishing attack is targeting Microsoft 365 (formerly Office 365) users in the form of an email notification for a Zoom account suspension. The email aims to steal users’ Microsoft 365 credentials. The attack was spotted and documented by a research firm.
The attack seems similar to an earlier one, where a fake Teams email would navigate users to a duplicate Office 365 login page. With the popularity and adoption of Zoom increasing due to increased remote collaboration during the pandemic, such account suspension emails pique users’ interest and demand immediate attention. In this case, users mostly rush to correct the problem without any suspicion, to avoid losing access to a tool whose loss may hinder their work.
The email for the Zoom suspension notification interestingly comes from an email address that spoofs the official domain, says the source. It mimics an automated email notification that links to a fake Microsoft 365 login page, prompting users to enter their Office 365 credentials. The credentials are then compromised by hackers. The research firm adds that the phishing email has been served to more than 50,000 users.

One sign that points to the illegitimacy of the email is the “zoom” branding in the email body without the capitalization of the first letter. Even if users click on the ‘Activate Account’ link in the email, the ‘Outlook’ logo or the domain of the Office 365 login page are telltale signs. The stolen credentials could be used in attacks that exploit cloud email services like Microsoft 365 and Google G Suite.

[/SHOWTOGROUPS]
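The warning signs described in the article (spoofed sender, lowercase "zoom" branding, a login page on a non-Microsoft domain) can be turned into a mail-triage check. The sketch below is an added example, not code from the article or the research firm; the allowlists, the function names and the sample message are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumed allowlists (not from the article); a mail gateway would maintain its own.
ZOOM_DOMAINS = ("zoom.us",)
MS_LOGIN_HOSTS = ("login.microsoftonline.com",)

def host_in(host, domains):
    host = (host or "").lower()
    return any(host == d or host.endswith("." + d) for d in domains)

def triage(raw):
    """Return which of the article's warning signs a single-part HTML mail trips."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    hits = []
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    auth = msg.get("Authentication-Results", "").lower()
    # From: claims Zoom, but the receiving server recorded a failed check.
    if host_in(sender, ZOOM_DOMAINS) and re.search(r"\b(spf|dkim|dmarc)=(fail|softfail)", auth):
        hits.append("spoofed-sender")
    # Brand written as lowercase "zoom" in visible text (not inside a URL or address).
    text = re.sub(r"<[^>]+>", " ", body)
    if re.search(r"(?<![\w.@/])zoom(?!\w|\.\w)", text):
        hits.append("lowercase-brand")
    # A link in a Zoom-branded mail that leads somewhere other than Zoom.
    hrefs = re.findall(r"<a\b[^>]*\bhref=[\"']([^\"']+)", body, re.I)
    if any(not host_in(urlparse(h).hostname, ZOOM_DOMAINS) for h in hrefs):
        hits.append("off-brand-link")
    return hits

def login_page_is_microsoft(url):
    """Landing-page check: is the sign-in form really served from a Microsoft host?"""
    u = urlparse(url)
    return u.scheme == "https" and host_in(u.hostname, MS_LOGIN_HOSTS)

# Constructed sample (not the real phishing mail); example.* hosts are placeholders.
SAMPLE = (
    "From: Zoom <no-reply@zoom.us>\n"
    "Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=zoom.us\n"
    "Content-Type: text/html\n\n"
    "<p>Your zoom account has been suspended.</p>"
    '<a href="https://login.example.net/o365">Activate Account</a>'
)

if __name__ == "__main__":
    print(triage(SAMPLE))
```

The suffix match in `host_in` is what rejects look-alike hosts that merely begin with a trusted name.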