A new phishing campaign is targeting Office 365 customers in the form of an e-mail message notifying users about their Zoom account suspension. This attack focuses on stealing the O365 account login data and is similar to the one spotted in May where malicious Teams invitation was used to collect the O365 login data from the victim.
With the ongoing Covid-19 crisis, the Zoom application became extremely popular and was recognized by hackers to be used in a new phishing campaign.
The user gets an e-mail with the Subject: Missed Call and from a spoofed mail sender address Zoom (no-reply@zoom.us).
The message body contains the following text:
We’ve temporarily suspended your zoom because your email failed to sync with our server within the past 24 hours. At this time, you will not be able to invite or join any call/meeting.
Please verify your mail.
The mail also contains a blue Activate Account button that takes you to bogus Microsoft 365 login web page prompting user credentials. Stolen O365 credentials can be used in BEC scams that are used for exploiting cloud e-mails services like O365 or Google G Suite.
Until now, this phishing mail was sent to more than 50,000 users.