Abnormal Security recently found a Zoom-themed phishing campaign. This campaign is using fake Zoom alerts to steal Microsoft 356 credentials. With the boom in teleworking, workers at many organizations are using products like Zoom. This has created an opportunity for malicious actors to create phishing campaigns that capitalize on this.
A malicious campaign is sending out emails claiming to be legitimate Zoom notifications and spoofing the actual Zoom email address. The email claims that the user will not be able to use the platform until they click on the embedded link to reactivate their account.
On clicking the link, the user is taken to a fake Office 365 login page. Entering any information into this login will not reactivate any account. It will instead give the username and password entered to the malicious actors.
The article also states that they have seen malicious actors spoof messages from not only Zoom but of WebEx as well. These campaigns are designed to steal credentials or even to
distribute malware.
If you do receive any email that you suspect is a scam, please do not click on any URL or reply. Either of those actions confirms to the sender that your email address is valid. Please forward the message (with the email headers) to security@umbc.edu.
How do I forward full email headers?
https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970
For more information, please check out:
https://www.bankinfosecurity.com/zoom-themed-phishing-campaign-targets-office-365-credentials-a-14600