Microsoft Office 365 users are targeted by a new phishing campaign using fake Zoom notifications to warn those who work in corporate environments that their Zoom accounts have been suspended, with the end goal of stealing Office 365 logins.
The phishing emails spotted by Abnormal Security’s researchers spoof an official Zoom email address and are designed to impersonate a legitimate automated Zoom notification.
Using a spoofed email address and an email body almost free of any grammar errors or typos (besides an obvious ‘zoom’ instead of ‘Zoom account’) makes these phishing messages even more convincing and potentially a lot more effective.
The targets are warned that their Zoom accounts were temporarily suspended and that they will not be able to join any calls and meetings until they re-activate their accounts by clicking on an activation button embedded within the message.
Once they click the “Activate Account” button, the recipients are redirected to a fake Microsoft login page through an intermediary hijacked website.
On the phishing landing page, the victims are asked to input their Outlook credentials in a form designed to exfiltrate their accounts details to attacker-controlled servers.
Read the full article.