Recently, Office 365 users are facing a new phishing attack, which is being launched in the form of an email notifying users that their Zoom account has been temporarily blocked,media reported. It is understood that the purpose of the mail is to steal the user’s Office 365 certificate. The attack appears to be very similar to the cyberattack discovered in May, when a fake Teams email navigated users to a duplicate Office 365 login page.
During the pandemic, Zoom became more popular due to the increase in remote collaboration, and more and more people began using the soft akin, so the temporarily blocked emails of such accounts were obviously noticed. In this case, users will mostly quickly correct the problem without a doubt to avoid losing access to the tool and thus hindering their work.
According to the source, the Zoom account suspended notification email from an email address that faked the official domain name. It mimics automatic email notifications and links to fake Microsoft 365 login pages, then prompts users to enter their Office 365 credentials, which are then compromised by hackers. According to statistics, the phishing email has been sent to more than 50,000 users.
There is an indication that the email is illegal, and that there is no initial “zoom” trademark in the body of the message. Even if the user clicks on the “Activate Account” link in the message, the domain name of the Outlook logo or Office 365 login page will be compromised. Stolen credentials may have been used to exploit commercial email breach (BEC) scams using cloud e-mail services such as Microsoft 365 and Google G Suite.