Phishing attack spoofs Zoom to steal Microsoft user credentials

Targeting more than 21,000 users, the phishing email managed to bypass Microsoft Exchange email security, says Armorblox.

Phishing attacks work by impersonating a familiar or trusted brand, product or company, often with the goal of tricking recipients into divulging sensitive account credentials. That’s exactly the case with a recent phishing campaign analyzed by security firm Armorblox in which the attacker spoofed Zoom in an attempt to compromise Microsoft user credentials.

How the attack worked

Aimed at more than 21,000 users at a national healthcare company, the phishing email included a subject line of “For [name of recipient] on Today, 2022” with each user’s actual name listed as the recipient. Displaying the Zoom name and logo, the email itself claimed that the person had two messages waiting for their response. To read the alleged messages, the recipient had to click on a main button in the body of the message.

The main button would have taken users to a phony landing page spoofing a Microsoft login site. At the site, the victims were instructed to enter their Microsoft account password supposedly to verify their identity before they could access the messages. The landing page already populated the username field with the person’s actual email address to further lull them into a sense of security. Naturally, any Microsoft passwords entered at the page would then be captured by the attackers.

Because it was sent from a valid domain, the initial phishing email evaded Microsoft Exchange email security controls: it passed the usual email authentication checks, including DomainKeys Identified Mail (DKIM), Sender Policy Framework (SPF), and Domain-based Message Authentication, Reporting and Conformance (DMARC). Learn more: https://assets.armorblox.com/f/52352/x/d893e1fdc6/armorblox-2022-email-security-threat-report.pdf
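Passing SPF, DKIM and DMARC only shows that the sending domain authorized the message, not that the domain belongs to the brand named in it. The following triage check is an added example, not code from Armorblox or the original article: it flags mail whose display name or subject names a brand while the authenticated From domain is unrelated. The brand-to-domain list, the function names and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed, illustrative allow-list of domains each brand sends from.
BRAND_DOMAINS = {"zoom": {"zoom.us", "zoom.com"}, "microsoft": {"microsoft.com", "office.com"}}

# Constructed sample message; sender and recipient use reserved .example names.
SAMPLE = """\
Authentication-Results: mx.recipient.example; spf=pass smtp.mailfrom=mailer.sender.example; dkim=pass header.d=sender.example; dmarc=pass header.from=sender.example
From: "Zoom" <notify@sender.example>
To: alex@recipient.example
Subject: For Alex on Today, 2022

You have 2 messages waiting for your response.
"""

def auth_results(msg):
    """Return e.g. {'spf': 'pass', ...} parsed from Authentication-Results."""
    header = " ".join(msg.get_all("Authentication-Results", []))
    return {m.lower(): r.lower() for m, r in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", header, re.I)}

def in_domain(domain, allowed):
    """True if domain equals, or is a subdomain of, any allowed domain."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)

def brand_mismatch(msg):
    """Brands named in the display name or subject that the From domain is not part of."""
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    text = f"{display} {msg.get('Subject', '')}".lower()
    return sorted(b for b, doms in BRAND_DOMAINS.items()
                  if re.search(rf"\b{b}\b", text) and not in_domain(domain, doms))

def triage(raw):
    """Combine authentication results with the brand check into one verdict."""
    msg = message_from_string(raw)
    auth = auth_results(msg)
    brands = brand_mismatch(msg)
    all_pass = all(auth.get(k) == "pass" for k in ("spf", "dkim", "dmarc"))
    if brands and all_pass:
        verdict = "suspicious: authenticated sender impersonating a brand"
    elif brands:
        verdict = "suspicious: brand impersonation, authentication incomplete"
    else:
        verdict = "no brand mismatch"
    return {"auth": auth, "impersonated": brands, "verdict": verdict}
```

Calling `triage(SAMPLE)` reports all three checks as passing and still flags the message, which is the situation the campaign relied on.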

Author: We Heal Computers
