Armorblox has released its latest security research on a credential phishing attack targeting about 21,000 Microsoft users at a national healthcare company.
How this attack works: The attackers impersonated Zoom’s brand with a socially engineered email that linked to a fake replication of a legitimate Microsoft login page. The attackers aimed to leverage the existing user workflow process in an attempt to gain trust and steal their victims’ credentials. The email attack bypassed native Microsoft Exchange email security controls because it passed all email authentication checks: DKIM, SPF, and DMARC.
The research has some mitigations that Microsoft Exchange admins should take note of and implement. You can read the research here.
Like this:
Like Loading...
Related
This entry was posted on October 6, 2022 at 9:00 am and is filed under Commentary with tags Amorblox. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
Phishing Campaign Spoofed Zoom In Attempt To Steal 21,000 Microsoft User Credentials
Armorblox has released its latest security research on a credential phishing attack targeting about 21,000 Microsoft users at a national healthcare company.
How this attack works: The attackers impersonated Zoom’s brand with a socially engineered email that linked to a fake replication of a legitimate Microsoft login page. The attackers aimed to leverage the existing user workflow process in an attempt to gain trust and steal their victims’ credentials. The email attack bypassed native Microsoft Exchange email security controls because it passed all email authentication checks: DKIM, SPF, and DMARC.
The research has some mitigations that Microsoft Exchange admins should take note of and implement. You can read the research here.
Share this:
Like this:
Related
This entry was posted on October 6, 2022 at 9:00 am and is filed under Commentary with tags Amorblox. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.