According to researchers at Abnormal Security, Microsoft Office 365 users are being targeted by a new phishing campaign that uses fake Zoom notifications to warn corporate employees that their Zoom accounts have been suspended, with the end goal of stealing Office 365 logins. So far, the campaign impersonating automated Zoom account suspension alerts has landed in over 50,000 mailboxes, according to statistics provided by researchers at the email security company Abnormal Security, who spotted these ongoing attacks. Those targeted are much more inclined to trust such emails at the moment, since the number of remote workers taking part in daily online meetings on video conferencing platforms such as Zoom has risen sharply because of stay-at-home orders and lockdowns caused by the pandemic.
Cyber criminals are shifting their focus away from emails about package deliveries or airline tickets towards fake calendar invites. This attack vector gives them another way to steal user credentials, which they can either sell or use to gain access to an organisation for further reconnaissance or exploitation.
Exploiting the fear of missing out, the meeting invite or account expiry email prompts the end user to click the link so as not to miss a meeting or lose access to their connection with the outside world. During the current pandemic, many remote employees rely on Zoom meetings and meeting invites to satisfy their need for social contact.
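As an added illustration of a defensive triage check (not part of the original article and not Abnormal Security's detection logic), the following Python script scores messages for the traits described above: Zoom branding combined with a sender or link domain outside Zoom's own, plus suspension or urgency wording. The sample messages, the trusted-domain list and the lure words are constructed assumptions.

```python
import re
from urllib.parse import urlparse

# Constructed samples, not real messages. The first mimics the
# "Zoom account suspended" lure; the second is a benign invite
# that genuinely links to zoom.us.
SAMPLE_MESSAGES = [
    {"subject": "Your Zoom account has been suspended",
     "from": "no-reply@zoom-alerts.example",
     "body": "Your Zoom account was suspended. Reactivate here: "
             "https://login.example-verify.test/office365/signin"},
    {"subject": "Zoom meeting invite: weekly sync",
     "from": "no-reply@zoom.us",
     "body": "BEGIN:VCALENDAR\nURL:https://zoom.us/j/123456789\nEND:VCALENDAR"},
]

BRAND = "zoom"
BRAND_DOMAINS = {"zoom.us", "zoom.com"}          # assumption: domains treated as legitimate
LURE_WORDS = ("suspended", "deactivated", "expire", "verify")  # assumed urgency vocabulary
URL_RE = re.compile(r"https?://[^\s<>\"']+")


def host_is_brand(host: str) -> bool:
    """True if host is one of the trusted brand domains or a subdomain of one."""
    host = host.lower()
    return any(host == d or host.endswith("." + d) for d in BRAND_DOMAINS)


def score_message(msg: dict) -> list:
    """Return human-readable reasons a Zoom-branded message looks like a lure.

    An empty list means nothing suspicious was found (or the message does
    not mention the brand at all, so this check does not apply).
    """
    reasons = []
    text = msg["subject"] + " " + msg["body"]
    if BRAND not in text.lower():
        return reasons
    sender_host = msg["from"].rsplit("@", 1)[-1]
    if not host_is_brand(sender_host):
        reasons.append(f"sender domain {sender_host} is not a Zoom domain")
    for url in URL_RE.findall(text):
        host = urlparse(url).hostname or ""
        if not host_is_brand(host):
            reasons.append(f"Zoom-branded message links to {host}")
    if any(w in text.lower() for w in LURE_WORDS):
        reasons.append("suspension or urgency language")
    return reasons


def is_suspicious(msg: dict) -> bool:
    """Flag when at least two independent indicators fire."""
    return len(score_message(msg)) >= 2
```

Running `is_suspicious` over each entry in `SAMPLE_MESSAGES` flags the suspension lure and passes the genuine invite; in practice the domain list would come from the organisation's own allow-list.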
Security awareness training programs typically focus on emails that ask the user to open an attachment or click a link to visit a website. With calendar invites joining the threat landscape, organisations need to review and update their security awareness training programs periodically. Keeping employees up to date on the latest attack vectors reduces the risk of a successful phishing attack.