Security News > 2022 > October > Phishing attack spoofs Zoom to steal Microsoft user credentials

Phishing attack spoofs Zoom to steal Microsoft user credentials We may be compensated by vendors who appear on this page through methods such as affiliate links or sponsored partnerships.
That's exactly the case with a recent phishing campaign analyzed by security firm Armorblox in which the attacker spoofed Zoom in an attempt to compromise Microsoft user credentials.
Displaying the Zoom name and logo, the email itself claimed that the person had two messages waiting for their response.
Sent from a valid domain, the initial phishing email evaded Microsoft Exchange email security controls as it was able to pass the usual email authentication checks, including DomainKeys Identified Mail, Sender Policy Framework, and Domain-based Message Authentication Reporting and Conformance.
The email described in the report snuck past Microsoft security defenses, a sign that you need to supplement your native email security with stronger and more layered tools.
Also See Share: Phishing attack spoofs Zoom to steal Microsoft user credentials.
News URL
https://www.techrepublic.com/article/phishing-spoofs-zoom-microsoft/
Related news
- Hackers Exploit AWS Misconfigurations to Launch Phishing Attacks via SES and WorkMail (source)
- New ClickFix attack deploys Havoc C2 via Microsoft Sharepoint (source)
- How New AI Agents Will Transform Credential Stuffing Attacks (source)
- YouTube warns of AI-generated video of its CEO used in phishing attacks (source)
- Researchers Expose New Polymorphic Attack That Clones Browser Extensions to Steal Credentials (source)
- Microsoft Warns of ClickFix Phishing Campaign Targeting Hospitality Sector via Fake Booking[.]com Emails (source)
- Microsoft Warns of StilachiRAT: A Stealthy RAT Targeting Credentials and Crypto Wallets (source)
- Ukrainian military targeted in new Signal spear-phishing attacks (source)
- Hidden Threats: How Microsoft 365 Backups Store Risks for Future Attacks (source)
- Microsoft’s new AI agents take on phishing, patching, alert fatigue (source)