Phishing attacks work by imitating a well-known or trusted brand, product, or company, with the aim of duping recipients into disclosing sensitive account information. That was the case in a recent phishing campaign investigated by security firm Armorblox, in which the attacker impersonated Zoom in an attempt to compromise Microsoft user credentials.
The phishing email, which was sent to over 21,000 users at a national healthcare company, had the subject line “For [name of recipient] on Today, 2022,” with each user’s actual name listed as the recipient. The email, which displayed the Zoom name and logo, stated that the person had two messages awaiting their response. The recipient had to click on the main link to read the alleged messages.
The main button would have directed users to a bogus landing page impersonating a Microsoft login page. The victims were directed at the site to enter their Microsoft account password in order to verify their identity before they could obtain the messages. To further silence them into a false sense of security, the landing page pre-populated the username field with the person’s actual email address. Any Microsoft passwords entered on the page would, of course, be captured by the attackers.
The initial phishing email, sent from a valid domain, bypassed Microsoft Exchange email security controls because it passed the usual email authentication checks, such as DomainKeys Identified Mail, Sender Policy Framew
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: