Threat Watch

Ongoing Office 365 Phish Uses Fake Zoom Suspension Alerts

Researchers at Abnormal Security have recently spotted an ongoing Office 365 phishing campaign that spoofs an official Zoom email address in order to impersonate a legitimate automated Zoom notification. The body of the email warns victims that their Zoom account has been disabled and urges them to click a button titled “Activate Account.” Clicking the button redirects users to a fake Microsoft login page hosted on a hacked website, which is then used to steal credentials. These credentials can then be sold or reused to gain more of a foothold in a network.

Subscribe to Threat Watch

Daily summaries of threats, delivered straight to your inbox!


Click Here to Subscribe to Threat Watch

ANALYST NOTES

As Business Email Compromise (BEC) attacks cost companies upwards of $26 billion USD between 2016 and 2019, Binary Defense considers this a credible and very real threat. In order to prevent account phishing, Binary Defense recommends carefully confirming that the URL for the Microsoft login page is a Microsoft-owned domain. However, even some Microsoft-owned domains that can be used by Microsoft cloud hosting customers, including the Azure domain windows.net, have been used by attackers to host phishing pages.

https://www.bleepingcomputer.com/news/security/persuasive-office-365-phishing-uses-fake-zoom-suspension-alerts/

Facebook Twitter Instagram Youtube Linkedin
Solutions
Become a Reseller

Industries

Resources

About

Contact Us
Contact Support