Security News > 2022 > October > Phishing attack spoofs Zoom to steal Microsoft user credentials
Phishing attack spoofs Zoom to steal Microsoft user credentials We may be compensated by vendors who appear on this page through methods such as affiliate links or sponsored partnerships.
That's exactly the case with a recent phishing campaign analyzed by security firm Armorblox in which the attacker spoofed Zoom in an attempt to compromise Microsoft user credentials.
Displaying the Zoom name and logo, the email itself claimed that the person had two messages waiting for their response.
Sent from a valid domain, the initial phishing email evaded Microsoft Exchange email security controls as it was able to pass the usual email authentication checks, including DomainKeys Identified Mail, Sender Policy Framework, and Domain-based Message Authentication Reporting and Conformance.
The email described in the report snuck past Microsoft security defenses, a sign that you need to supplement your native email security with stronger and more layered tools.
Also See Share: Phishing attack spoofs Zoom to steal Microsoft user credentials.
News URL
https://www.techrepublic.com/article/phishing-spoofs-zoom-microsoft/
Related news
- Microsoft: Hackers steal emails in device code phishing attacks (source)
- Darktrace: 96% of Phishing Attacks in 2024 Exploited Trusted Domains Including SharePoint & Zoom Docs (source)
- Microsoft SharePoint Connector Flaw Could've Enabled Credential Theft Across Power Platform (source)
- How to Prevent Phishing Attacks with Multi-Factor Authentication (source)
- CISA tags Microsoft .NET and Apache OFBiz bugs as exploited in attacks (source)
- Hackers spoof Microsoft ADFS login pages to steal credentials (source)
- Critical RCE bug in Microsoft Outlook now exploited in attacks (source)
- Microsoft Identifies 3,000 Leaked ASP.NET Keys Enabling Code Injection Attacks (source)
- Microsoft Uncovers Sandworm Subgroup's Global Cyber Attacks Spanning 15+ Countries (source)
- Microsoft: Russian-Linked Hackers Using 'Device Code Phishing' to Hijack Accounts (source)