‘Zoom account suspended’ phishing scam aims at Office 365 credentials

The phishing scam targets victims by claiming that their Zoom account has been suspended.

Microsoft attracted 44 million daily active users due to the global pandemic. On top of that, daily users jumped a whopping 70 percent in the last month, reaching 75 million active users. Zoom, in its effort to ensure transparency, claims ‘300 million daily Zoom meeting participants worldwide’.

The pandemic has shifted organizational dynamics to digital platforms. Social distancing has created a pressing need for office teams to integrate cloud-based collaboration tools.

With the coronavirus situation and its looming uncertainty, businesses have started to adopt digital tools to resume operations, which is why video conferencing apps are in greater demand than ever.

Microsoft CEO Satya Nadella states:

“We saw more than 200 million meeting participants in a single day this month, generating more than 4.1 billion meeting minutes. Teams now has more than 75 million daily active users, engaging in rich forms of communication and collaboration, and two-thirds of them shared, collaborated, or interacted with files on Teams.”

However, as usage has surged worldwide, cyber-attacks have increased sharply as well. Employees are working from home and have switched to video conferencing for meetings, which gives hackers new openings to target them.

Both Microsoft 365 and Zoom are heavily targeted by cybercriminals. The latter has already been at the forefront of privacy and data breaches. Previously, Trend Micro identified malware being spread via fake Zoom applications, where hackers were using Zoom installers available on third-party websites.

Fake Zoom phishing scam against Microsoft 365 users

Now a new phishing attack has surfaced that targets Microsoft 365 users by impersonating Zoom. In the latest attempt, hackers sent victims an email stating that their Zoom account had been suspended.

To resume the service, the email tells the recipient to follow a link, which redirects the victim to a fake Microsoft login page hosted by the hackers on an unrelated domain.

Screenshot of email sent by scammers (Image: Abnormal Security)

By impersonating Zoom, the attackers were actually aiming to steal Microsoft credentials, which could give them access to a trove of sensitive and confidential information.

What is more alarming is that the fake page was an exact copy of the Microsoft login page. The attackers also knew that email phishing would be the best way to trap victims.

(Image: Abnormal Security)

The global pandemic has made organizations and employees totally dependent on business tools like Microsoft 365 and Zoom for virtual meetings. Cybercriminals exploited this dependence to set a full-fledged trap, and its effectiveness rested on creating an atmosphere of urgency.

Because Zoom is so important for communication, employees may rush to reactivate their accounts as soon as possible without exercising due diligence. In addition, the spoofed email, as confirmed by Abnormal Security, was sent using an official Zoom email address, which created an aura of legitimacy and further led victims on.

“This attacker impersonates Zoom by crafting a convincing email and landing page that mimics meeting notifications from Zoom. The email masquerades as an automated notification stating that the user has recently missed a scheduled meeting and implores the user to visit the link for more details and a recording of the meeting.” 
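Because the message appeared to come from an official Zoom address, a sender check alone would not flag it; the mismatch is in where the link leads. The following is an added example, not code from the article or from Abnormal Security, showing a mail-filter style check that flags Zoom-branded messages whose links leave Zoom's domains. The allowlist, the function names and the sample messages (which use reserved example.net hosts) are constructed assumptions.

```python
import re
from email import message_from_string
from urllib.parse import urlsplit

# Assumption: allowlist chosen for this example; adjust to your environment.
ZOOM_DOMAINS = {"zoom.us", "zoom.com"}
BRAND_HINT = re.compile(r"\bzoom\b", re.I)
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

def host_allowed(host, allowed):
    # Exact or subdomain match only, so "zoom.us.example.net" does not pass.
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in allowed)

def body_text(msg):
    # Concatenate every text/* part, decoding transfer encodings.
    chunks = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            raw = part.get_payload(decode=True) or b""
            chunks.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)

def suspicious_links(raw_email):
    """Return link hosts outside ZOOM_DOMAINS in a message that claims to be Zoom."""
    msg = message_from_string(raw_email)
    text = body_text(msg)
    claimed = " ".join([msg.get("From", ""), msg.get("Subject", ""), text])
    if not BRAND_HINT.search(claimed):
        return []
    hosts = {urlsplit(u).hostname or "" for u in URL_RE.findall(text)}
    return sorted(h for h in hosts if not host_allowed(h, ZOOM_DOMAINS))

# Constructed sample: legitimate-looking sender, credential link elsewhere.
PHISH = """From: Zoom <no-reply@zoom.us>
Subject: Your Zoom account has been suspended
Content-Type: text/plain; charset=utf-8

Your Zoom account has been suspended. To reactivate it, sign in here:
https://signin.example.net/office365/login
Help: https://support.zoom.us/
"""
# Constructed sample: ordinary reminder with only Zoom-hosted links.
BENIGN = """From: Zoom <no-reply@zoom.us>
Subject: Meeting reminder

Join: https://us02web.zoom.us/j/0000000000
"""

if __name__ == "__main__":
    print(suspicious_links(PHISH), suspicious_links(BENIGN))
```

A hit from this check is a triage signal rather than a verdict, since legitimate Zoom-related mail can also link to third-party sites.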

Email phishing that employs such advanced tactics can compromise organizational integrity. With the onslaught of the coronavirus pandemic, cyber-attacks have increased sharply. If you have entered your credentials in response to a phishing email, immediately notify your IT department.

It is also imperative to use complex passwords that are difficult to guess. With attacks increasing, it is prudent to change passwords once in a while and, where possible, enable two-factor authentication.
