Microsoft users targeted by scammers pretending to be Zoom


Comedians have long been known for spoofing celebrities and the like, but nowadays threat actors are increasingly mimicking established brands. In this latest case uncovered by Armorblox, the conferencing app gets the cybercriminal makeover.

It claims the attack it prevented targeted around 21,000 Microsoft Exchange inboxes and would have bypassed security to slam an unnamed healthcare company with a malicious payload.

ADVERTISEMENT

The bogus emails were tailored to individual employees by featuring their specific name in the subject field, and featured the Zoom logo at the top “to instill trust in the recipient.”

“The attacker chose to populate the victim’s name within the title of the email to bring a level of personalization to the attack,” said Armorblox. “The body of the email contained two messages that were awaiting a response [and] two bad URLs – one associated with the main call-to-action button and the other was shadowed as an unsubscribe link.”

Screenshot of Zoom spoof page sent by cybercriminals
Screenshot of Zoom spoof page sent by scammers, whom Armorblox says it intercepted before they could launch their social engineering attack on 21,000 email accounts

The button was designed to take victims to a fake landing page resembling a Microsoft login portal, before prompting them to enter their password to access messages that were “awaiting a response.”

This is not an isolated occurrence. According to another cybersecurity report by Avanan, Microsoft has been increasingly targeted by social engineering campaigns – findings that appear to be borne out by the Armorblox investigation.

“We see similar styling of this fake landing page across many spoofed Microsoft login pages used within targeted attacks – with the page being dominated by the login prompt and the victim’s email address already being populated,” said Armorblox.

“This helps attackers foster that sense of trust in the victims, making them more likely to fall for these types of sophisticated email attacks.”

ADVERTISEMENT