Phishing Campaign Spoofed Zoom In Attempt To Steal 21,000 Microsoft User Credentials

Armorblox has released its latest security research on a credential phishing attack targeting about 21,000 Microsoft users at a national healthcare company.

How this attack works: The attackers impersonated Zoom’s brand in a socially engineered email that linked to a fake replica of a legitimate Microsoft login page. They aimed to leverage a workflow users already know in order to gain their victims’ trust and steal their credentials. The email bypassed native Microsoft Exchange email security controls because it passed all email authentication checks: DKIM, SPF, and DMARC.
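Passing DKIM, SPF, and DMARC only proves that the message came from the domain it claims, not that the domain belongs to the brand named in the email. The following detection sketch is an added example, not code from Armorblox or the research: it flags a message that authenticates cleanly but names a brand its sending domain does not own. The allowlist, the sample messages, and the function names are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: illustrative allowlist of brand keyword -> domains allowed to send as it.
BRAND_DOMAINS = {"zoom": {"zoom.us"}}

# Constructed sample messages (not taken from the research).
PHISH = """\
Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=mailer.example.org;
 dkim=pass header.d=example.org; dmarc=pass header.from=example.org
From: "Zoom" <no-reply@mailer.example.org>
Subject: Your Zoom meeting invitation

Review your invitation.
"""
LEGIT = PHISH.replace("mailer.example.org", "zoom.us").replace("example.org", "zoom.us")

def auth_results(msg):
    """Extract spf/dkim/dmarc verdicts from the Authentication-Results header(s)."""
    header = " ".join(msg.get_all("Authentication-Results", []))
    found = re.findall(r"\b(spf|dkim|dmarc)=(\w+)", header, re.I)
    return {method.lower(): result.lower() for method, result in found}

def org_domain(domain):
    # Naive: keeps the last two labels. Production code should use the Public Suffix List.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def check_message(raw):
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    from_domain = org_domain(addr.rpartition("@")[2])
    auth = auth_results(msg)
    authenticated = all(auth.get(k) == "pass" for k in ("spf", "dkim", "dmarc"))
    # Look for a brand keyword in what the user sees: display name and subject.
    text = f"{display} {msg.get('Subject', '')}".lower()
    spoofed = sorted(brand for brand, domains in BRAND_DOMAINS.items()
                     if re.search(rf"\b{re.escape(brand)}\b", text)
                     and from_domain not in domains)
    return {"from_domain": from_domain, "authenticated": authenticated,
            "impersonated_brands": spoofed,
            "verdict": "suspicious" if spoofed else "no-brand-mismatch"}

if __name__ == "__main__":
    for name, raw in (("PHISH", PHISH), ("LEGIT", LEGIT)):
        print(name, check_message(raw))
```

The verdict deliberately ignores the authentication result: in the constructed phishing sample all three checks pass, and the only signal is the mismatch between the displayed brand and the sending domain.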

The research includes mitigations that Microsoft Exchange admins should take note of and implement. You can read the research here.
