Security News > 2022 > October > Phishing attack spoofs Zoom to steal Microsoft user credentials
Phishing attack spoofs Zoom to steal Microsoft user credentials We may be compensated by vendors who appear on this page through methods such as affiliate links or sponsored partnerships.
That's exactly the case with a recent phishing campaign analyzed by security firm Armorblox in which the attacker spoofed Zoom in an attempt to compromise Microsoft user credentials.
Displaying the Zoom name and logo, the email itself claimed that the person had two messages waiting for their response.
Sent from a valid domain, the initial phishing email evaded Microsoft Exchange email security controls as it was able to pass the usual email authentication checks, including DomainKeys Identified Mail, Sender Policy Framework, and Domain-based Message Authentication Reporting and Conformance.
The email described in the report snuck past Microsoft security defenses, a sign that you need to supplement your native email security with stronger and more layered tools.
Also See Share: Phishing attack spoofs Zoom to steal Microsoft user credentials.
News URL
https://www.techrepublic.com/article/phishing-spoofs-zoom-microsoft/
Related news
- Iran-Linked MuddyWater Deploys Atera for Surveillance in Phishing Attacks (source)
- New MFA-bypassing phishing kit targets Microsoft 365, Gmail accounts (source)
- 17,000+ Microsoft Exchange servers in Germany are vulnerable to attack, BSI warns (source)
- Alert: New Phishing Attack Delivers Keylogger Disguised as Bank Payment Notice (source)
- Retail chain Hot Topic hit by new credential stuffing attacks (source)
- Microsoft still unsure how hackers stole MSA key in 2023 Exchange attack (source)
- Microsoft fixes two Windows zero-days exploited in malware attacks (source)
- TA547 Phishing Attack Hits German Firms with Rhadamanthys Stealer (source)
- Roku warns 576,000 accounts hacked in new credential stuffing attacks (source)
- FBI warns of massive wave of road toll SMS phishing attacks (source)