Attackers Pose as Zoom to Steal Microsoft Credentials

Cyber-thieves are impersonating videoconferencing platform Zoom to steal victims' Microsoft credentials.

New research published today by Abnormal Security revealed that Zoom users are being targeted with fake notification emails that contain malicious links. 

Describing the conceit, researchers said: "This attacker impersonates Zoom by crafting a convincing email and landing page that mimics meeting notifications from Zoom. The email masquerades as an automated notification stating that the user has recently missed a scheduled meeting and implores the user to visit the link for more details and a recording of the meeting."

When the user clicks on the legitimate-looking Zoom link, they are taken to a fake Microsoft login page with the name of the user’s organization and "Zoom" above the sign-in location.

"This indicates that the attackers are more interested in the user’s Microsoft credentials, which can be used to access a larger trove of sensitive information," concluded researchers.

The attack was observed occurring across several organizations with specific elements such as usernames customized to target each specific recipient.

While the attackers attempted to cover their tracks by making it appear as though the malicious notifications were stemming from multiple sources, researchers picked up on tell-tale signs that indicate they were linked. 

"Although the attackers are trying to disguise their location by using many different VPN sources, the messages all look similar, were sent during a short, discrete time period, and use the same VPN services, which leads us to believe that these are coordinated attacks by the sam ..

Support the originator by clicking the read the rest link below.