After a week of absence to complete the written work for my apprenticeship, I’m back to bring you more of the latest insights into cybersecurity, so let’s jump right in.
Fake Zoom notifs are being used by hackers to target (mainly corporate) Office 365 users in a new phishing campaign. Why? To steal the creds to their account.
The victims receive an email sent from an address that closely resembles the official Zoom contact address. It mimics an automated notification from Zoom and claims that the soon-to-be victim will be unable to use the service until they use the link provided in the email to activate their account again. The link redirects to a fake Microsoft login page hosted on another domain. Though the email impersonates the Zoom brand, the hacker is targeting the victim’s Microsoft credentials, which can be used to access a much larger stash of sensitive information.
Researchers have said: “Should recipients fall victim to this attack, their Microsoft login credentials as well as any other information stored on those accounts will be compromised.”
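A triage check for the lure described above, added here as an illustration and not taken from the researchers' tooling: it flags a message that presents itself as Zoom while its sender domain or link targets sit outside Zoom's domain and its body uses suspension or reactivation wording. The `zoom.us` allowlist, the keyword list, the function names and the constructed sample message are assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: the domain this organisation accepts as genuine Zoom mail and links.
ZOOM_DOMAINS = {"zoom.us"}
URGENCY = re.compile(r"\b(suspend\w*|(?:re-?)?activate|unable to use)\b", re.I)
HREF = re.compile(r'href=["\']([^"\']+)["\']', re.I)

# Constructed sample message; the .example domains are placeholders.
SAMPLE_PHISH = (
    "From: Zoom <no-reply@zoom-us.example>\n"
    "Subject: Zoom account suspended\n"
    "Content-Type: text/html; charset=utf-8\n\n"
    "<p>You will be unable to use Zoom until you "
    '<a href="https://login.portal.example/o365">activate your account</a>.</p>\n'
)

def in_domains(host, domains):
    """True if host is one of the domains or a subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

def body_text(msg):
    """Concatenate the decoded text/plain and text/html parts."""
    return "\n".join(
        (p.get_payload(decode=True) or b"").decode(p.get_content_charset() or "utf-8", "replace")
        for p in msg.walk() if p.get_content_type() in ("text/plain", "text/html"))

def zoom_lure_findings(raw):
    """Return the reasons a message matches the fake-Zoom-notification pattern."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    if "zoom" not in f"{display} {addr} {msg.get('Subject', '')}".lower():
        return []  # message does not present itself as Zoom
    findings, body = [], body_text(msg)
    sender_host = addr.rpartition("@")[2]
    if not in_domains(sender_host, ZOOM_DOMAINS):
        findings.append(f"sender domain {sender_host} is not a Zoom domain")
    for url in HREF.findall(body):
        host = urlparse(url).hostname
        if not in_domains(host, ZOOM_DOMAINS):
            findings.append(f"link host {host} leaves the Zoom domain")
    if URGENCY.search(body):
        findings.append("account suspension or reactivation wording")
    return findings
```

An empty list means none of the three signals fired; it does not mean the message is safe.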
So far, the phishing campaign impersonating Zoom has landed in over 50,000 mailboxes based on stats provided by researchers. Those targeted by this campaign are a lot more willing to trust emails like this since the number of remote workers taking part in daily online meetings through video conferencing platforms (like Zoom) has drastically increased due to stay-at-home orders or lockdowns caused by Covid.
Playing on the fear of missing out, the meeting-invite or account-expiration email pushes the user to click the link to avoid missing a meeting or losing their connection to the outside world. Thankfully, most workplaces do a great job of protecting employees from phishing attacks.
Still, as much as we advance our tactics, so do they. In this case, the increase in the adoption of Zoom during the lockdown made it an appealing target to impersonate, as it allows criminals to cast a wide net of potential victims. Furthermore, as most people need to be able to log into their Zoom as part of their day-to-day work, an email saying the account has been suspended creates an understandable sense of urgency.
In short, stay safe out there, Zoomers.