• Skip to main content
  • Skip to primary sidebar
  • Skip to footer

Cyber Security Solutions, Compliance, and Consulting Services - IT Security

We offer It security management, data, network, & Information security services for protecting information & mitigating security risks to your organization.

  • Home
  • About Us
  • Solutions & Services
    • Security Governance
    • NETWORK SECURITY
    • CLOUD SECURITY
  • COMPLIANCE
  • SECTORS
  • Blog
  • CONTACT

Attackers impersonate Zoom to steal Microsoft account credentials

By kamran | At February 4, 2022

Feb 04 2022

Attackers impersonate Zoom to steal Microsoft account credentials

phishing types

Many people leverage online platforms to organize meetings. Threat actors are aware of these meetings and exploit these spaces every chance they get. This recent attack involved the use of social engineering to mimic an email invite to a Zoom meeting. The attack tricked 10,000 users into clicking on a malicious link. 

Ten thousand users working in a major online brokerage company in North America were targeted by malicious hackers who used social engineering and brand impersonation techniques to gain the users’ trust and urged them to act swiftly. This gave users little time to think about the email and fall victim to the attack. 

The formulated email had the looks of a legitimate Zoom message sent from a real domain after bypassing the Microsoft email security product. The message was titled “[External]Zoom Meetings 11:00 AM Eastern Time [US and Canada].” The contents of the email stated, “Your participants have joined you in a meeting.” The contents of the email encouraged users to join their colleagues in the meeting by clicking on the “Start Meeting” button. 

Users were redirected to a spoofed Outlook login page after clicking on the link. This login page asked for the users’ credentials, thereby luring them into entering their account emails and passwords. 

As per the report’s details, users noted that clicking on a ‘Start Meeting’ button is a routine habit for them. Since the email contents followed a very familiar format, their brains did what they were programmed to do and acted quickly. 

It is prudent to pause, think, and take a step back in the situation of an unusual request such as an unplanned meeting, despite one’s conditioning towards day-to-day tasks. Phishing emails can be pretty easy to identify because they come with grammatical errors and links that do not lead to the websites they state. Moreover, phishing emails follow a format that resembles the original sender’s. Most times, simply hovering your computer mouse over a listed link can prevent you from a cyberattack. 

It is also wise to invest in an appropriate cybersecurity plan which involves employee training. The goal is to protect the business from the aftermath of a cybersecurity breach or phishing attack. Appropriate employee training is better than some security products even, so it is a good idea to focus on educating every individual involved in the organization. 

“Threat actors with corporate targets in sight sometimes go after individuals first. Organizations should ensure their staff is well-trained to identify phishing emails, which can help thwart targeted attacks on their personal emails. In turn, these employees will also report any phishing emails received to their company inbox to their security team. Training users to protect their credentials and to ensure they are logging into legitimate sites is also crucial,” noted Director and Security Solution Advisor at Cofense, Tonia Dudley.

Written by kamran · Categorized: Cyber security news

Primary Sidebar

Recents post

Healthcare Ransomware Surges, Pharma Sector at Risk, Major Breaches & Legal Fallout

As cyber threats grow more … [Read More...] about Healthcare Ransomware Surges, Pharma Sector at Risk, Major Breaches & Legal Fallout

Law Firms Cybersecurity Updates: AI-Powered Threats to SIEM Tools and More

Welcome to another edition of … [Read More...] about Law Firms Cybersecurity Updates: AI-Powered Threats to SIEM Tools and More

Healthcare Under Attack: Ransomware Trends, Data Breaches, and the Role of Cyber Insurance

As cyberattacks continue to … [Read More...] about Healthcare Under Attack: Ransomware Trends, Data Breaches, and the Role of Cyber Insurance

Categories

  • AI and cybersecurity (2)
  • blockchain (1)
  • Cloud security (29)
  • Compliance (25)
  • Cyber security news (108)
  • Cyber security threats (376)
  • Cyber security tips (370)
  • Data Security (3)
  • E-Commerce cyber security (3)
  • Education cyber security (1)
  • Enterprise cyber security (7)
  • Financial organizations cyber security (4)
  • General (22)
  • Government cyber security (4)
  • Healthcare cyber security (19)
  • Information Security (2)
  • Law Firms Cyber Security (9)
  • Network security (9)
  • Newsletter (1)
  • Privacy (1)
  • Ransomware (14)
  • remote work (1)
  • Risk assessment and management (6)
  • Security management and governance (9)
  • SME Cybersecurity (2)
  • Software Security (2)
  • Supply Chain Attacks (5)
  • System security (3)
  • Uncategorized (21)
  • Vendor security (14)

Archives

Footer

Infoguard Cyber Security

San Jose Office
333 W. Santa Clara Street
Suite 920
San Jose, CA 95113
Ph: (855) 444-6004

Irvine Office
19800 MacArthur Blvd.
Suite 300
Irvine, CA 92612

Recent Posts

  • Healthcare Ransomware Surges, Pharma Sector at Risk, Major Breaches & Legal Fallout
  • Law Firms Cybersecurity Updates: AI-Powered Threats to SIEM Tools and More
  • Healthcare Under Attack: Ransomware Trends, Data Breaches, and the Role of Cyber Insurance

Get Social

  • LinkedIn
  • Home
  • About Us
  • Solutions & Services
  • COMPLIANCE
  • SECTORS
  • Blog
  • CONTACT

Privacy Policy Terms of Use Acceptable Use

Copyright © 2025 | All right reserved