Beware of Fake Zoom Suspension Alerts: Office 365 Users Are the Target of a Phishing Attack
Published on: Sunday 12-07-2020
According to the latest cyber news from several sources, including BleepingComputer, Microsoft Office 365 users are under a massive phishing attack that uses fake Zoom suspension alerts.
Why are Zoom notifications being used in this phishing campaign?
As we all know, Zoom is a very popular cloud-based communication platform that provides its users with audio and video conferencing, online meetings, online chat and team collaboration. It supports mobile, desktop and telephone systems as well. Because of the current COVID-19 lockdowns worldwide, Zoom has seen a sharp increase in new monthly active users since the start of this year; one reason is that many industries have adopted "work from home".
What cyber attack trick is being used in this fake Zoom notification phishing campaign?
Microsoft Office 365 users working in corporate environments are the target of this new phishing campaign.
It uses fake Zoom notifications that warn users that their Zoom account has been suspended. The aim of this phishing campaign appears to be stealing Office 365 logins.
Remember, these phishing emails look as if they come from an official Zoom email address. They are specially designed to impersonate a legitimate automated Zoom notification.
Another observation is that it is difficult to find any grammar errors or typos in the phishing email body. The only visible difference found in its content is the word "zoom" used instead of "Zoom Account".
The phishing message looks as if it was really received from Zoom.
The email says that the user's Zoom account was temporarily suspended and that they need to re-activate the account by clicking an activation button embedded in the message. The words "Happy Zooming!" appear at the end of the email.
Once the victim, considering the message important, clicks that button, they are redirected to a fake Microsoft login page through an intermediary hijacked website. The user is then asked to enter their Outlook credentials in a form designed to exfiltrate their account details to attacker-controlled servers.
That is how the attackers get the user's Microsoft credentials, which cybercriminals might use to take full control of the user's account, and this can lead to many cybercrime-related activities.
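A mail-filter style check for the pattern described above: a message that presents itself as a Zoom suspension notice while its sender or its button link sits outside Zoom's domains. This is an added example, not part of the original article; the Zoom domain allowlist, the `check_message` helper and the `.example` sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: domains you accept as genuine Zoom senders and link targets.
ZOOM_DOMAINS = ("zoom.us", "zoom.com")
LURE = re.compile(r"zoom.{0,80}?(suspend|re-?activat)", re.I | re.S)

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hosts = []  # host name of every <a href> seen in the body
    def handle_starttag(self, tag, attrs):
        host = urlparse(dict(attrs).get("href") or "").hostname if tag == "a" else None
        if host:
            self.hosts.append(host.lower())

def is_zoom(host):
    return any(host == d or host.endswith("." + d) for d in ZOOM_DOMAINS)

def check_message(raw):
    """Return findings for a mail that claims to be Zoom but points elsewhere."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    html = "".join(p.get_payload(decode=True).decode("utf-8", "replace")
                   for p in msg.walk() if p.get_content_type() == "text/html")
    if "zoom" not in display.lower() and not LURE.search(msg.get("Subject", "") + " " + html):
        return []  # mail does not present itself as a Zoom notice
    findings = []
    sender_host = addr.rpartition("@")[2].lower()
    if not is_zoom(sender_host):
        findings.append("sender-domain-mismatch:" + sender_host)
    links = LinkCollector()
    links.feed(html)
    findings += ["off-brand-link:" + h for h in sorted(set(links.hosts)) if not is_zoom(h)]
    return findings

# Constructed sample message; the .example domains are placeholders.
SAMPLE = """From: Zoom <no-reply@zoom-notify.example>
Subject: Your zoom has been suspended
Content-Type: text/html; charset=utf-8

<p>Your zoom was temporarily suspended.</p>
<a href="https://hijacked-site.example/r?id=1">Activate Account</a>
"""
if __name__ == "__main__":
    print(check_message(SAMPLE))
```

Because the From address can look like a genuine Zoom address, the link check is the stronger signal: it still fires when the sender domain passes.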
How to prevent it?
I always say, "Awareness is the key". Beware of phishing emails.
Always follow a complex password policy for your accounts. Keep different passwords for different online accounts to reduce risk.
It is highly recommended to use two-factor authentication whenever possible. It helps a lot.
Organizations should invest in cybersecurity policies and awareness training.
If you are already a victim, contact the IT security department of your organization immediately.
Shekhar Ashok Pawar is CEO of GrassDew IT Solutions Pvt Ltd which is primarily focused on Cybersecurity Assessment & Audits, IT Consulting, Customised Software Development and Software Products. With more than 15 years of international experience, he is CISA, CEH, CHFI, MCP, Blockchain Developer, Dip Cyber Laws, CMMi Level 5 ATM & ISO 27001 LA. He is also certified H/W & S/W expert for Mobile Phones, Computers and CCTV cameras. He did Executive Management (SJMSOM, IIT-Bombay), after Engineering in Electronics & Telecommunications, Mumbai. He is also certified for "Digital Signal Processor & Applications" by Analog Devices - DSP Learning Center, IIT Madras.
He is the lead contributor to GrassDewPanther @ LinkedIn, which is focused on sharing global cyber threats and related news. Shekhar's recent book “Air Team Theory: Understanding 10 Types of Team Mates and Best Practices to Succeed” was published in January 2020 and is a hot-seller on Amazon.