ClickCease Attackers impersonate Zoom to steal Microsoft user data

Join Our Popular Newsletter

Join 4,500+ Linux & Open Source Professionals!

2x a month. No spam.

Attackers impersonate Zoom to steal Microsoft user data

Obanla Opeyemi

October 21, 2022 - TuxCare expert team

A malicious campaign uncovered by security firm Armorblox shows that attackers manipulate Zoom to compromise Microsoft user data. In one of the incidents analyzed, more than 21,000 users of a national health company were targeted.

The phishing email sent from a valid domain contains a subject line of “For [name or recipient] on Today, 2022” with the actual name of each user as recipient. The phishing email also shows the Zoom name and logo with the email claiming that the recipient has two messages to reply. To read the alleged messages, the recipient had to click a main button in the body of the message.

Once users click on the link, they are taken to a fake landing page that pretends to be a Microsoft login page. On the page, users are asked to enter their Microsoft account password, ostensibly to verify their identity before they can access the messages.

In order to further deceive the victim, the landing page indicates the actual e-mail address of the person in the username field. Passwords entered by victims on the page will be spoofed by attackers.

The campaign sends the email from a legitimate and trusted domain that allows them to bypass security defenses. The email was written in such a way that neither email security tools nor an unsuspecting recipient will raise any red flags.

Among other things, organizations can complement their native email security with stronger and more complex tools.

Other security measures that need to be taken include searching for social engineering tricks, proper password hygiene and the use of multi-factor authentication.

When looking out for social engineering tricks, organizations and users need to take the time to check key elements of emails, including the sender’s name, sender’s email address, and the language in the message. This helps detect typos, errors, or inconsistencies that appear suspicious.

Proper password hygiene involves avoiding the use of the same password on multiple websites that are affected by a compromised account.

On MFA, the requirement for multi-factor authentication remains one of the best ways to ensure that an attacker cannot log in with compromised accounts credentials.

The sources for this piece include an article in TechRepublic.

Summary
Attackers impersonate Zoom to steal Microsoft user data
Article Name
Attackers impersonate Zoom to steal Microsoft user data
Description
A malicious campaign uncovered by security firm Armorblox shows that attackers manipulate Zoom to compromise Microsoft user data.
Author
Publisher Name
Tuxcare
Publisher Logo

Looking to automate vulnerability patching without kernel reboots, system downtime, or scheduled maintenance windows?

Learn About Live Patching with TuxCare

Related Articles

How GPT models can be...

According to CyberArk researchers, GPT-based models like ChatGPT can be...

January 30, 2023

Attackers actively exploit Unpatched Control...

Malicious hackers have started exploiting a critical vulnerability CVE-2022-44877 in...

January 27, 2023

Attackers distribute malware via malicious...

Deep Instinct researchers reported that RATs like StrRAT and Ratty...

January 26, 2023

CircleCI partners AWS to identify...

According to CircleCI’s CTO, Rob Zuber, CircleCI is working with...

January 25, 2023

Cisco warns of authentication bypass...

A remote attacker could exploit multiple vulnerabilities in four Cisco...

January 24, 2023

IceID malware infiltrates Active Directory...

In a notable IcedID malware attack, the assailant impacted the...

January 23, 2023