Phishing attacks work by imitating a well-known or trusted brand, product, or company, with the aim of duping recipients into disclosing sensitive account information. That was the case in a recent phishing campaign investigated by security firm Armorblox, in which the attacker impersonated Zoom in an attempt to compromise Microsoft user credentials.
The phishing email, which was sent to over 21,000 users at a national healthcare company, had the subject line "For [name of recipient] on Today, 2022," with each user's actual name listed as the recipient. The email, which displayed the Zoom name and logo, stated that the person had two messages awaiting their response. The recipient had to click on the main link to read the alleged messages.
The main button would have directed users to a bogus landing page impersonating a Microsoft login page. There, victims were instructed to enter their Microsoft account password to verify their identity before they could read the messages. To further lull them into a false sense of security, the landing page pre-populated the username field with the person's actual email address. Any Microsoft passwords entered on the page would, of course, be captured by the attackers.
The initial phishing email, sent from a valid domain, bypassed Microsoft Exchange email security controls because it passed the usual email authentication checks, such as DomainKeys Identified Mail (DKIM), Sender Policy Framework (SPF), and Domain-based Message Authentication, Reporting and Conformance (DMARC). Instead, Armorblox security blocked the emails from reaching user inboxes.
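Passing SPF, DKIM and DMARC shows only that a message really came from the domain in its From address, not that the domain belongs to the brand displayed to the reader. The check below is an added example, not code from Armorblox or the original article; it flags that mismatch on constructed messages, and the sender domains, header values and brand allowlist are assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: domains each brand really sends from (illustrative allowlist).
BRAND_DOMAINS = {"zoom": {"zoom.us", "zoom.com"}}

def auth_verdicts(msg):
    """Collect spf/dkim/dmarc results. Trust only headers your own gateway stamps."""
    verdicts = {}
    for header in msg.get_all("Authentication-Results", []):
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", header, re.I):
            verdicts[method.lower()] = result.lower()
    return verdicts

def check_message(raw):
    """Report whether mail authenticated and whether its display name borrows a brand."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    verdicts = auth_verdicts(msg)
    authenticated = all(verdicts.get(m) == "pass" for m in ("spf", "dkim", "dmarc"))
    impersonated = [
        brand for brand, owned in BRAND_DOMAINS.items()
        if re.search(rf"\b{brand}\b", display, re.I)
        and not any(domain == d or domain.endswith("." + d) for d in owned)
    ]
    return {"from_domain": domain, "authenticated": authenticated,
            "impersonated": impersonated}

def _sample(sender_domain):
    # Constructed message modelled on the article's description; not real traffic.
    return (
        f'From: "Zoom" <notify@{sender_domain}>\n'
        "To: user@hospital.example\n"
        "Subject: For Jane Doe on Today, 2022\n"
        f"Authentication-Results: mx.hospital.example; spf=pass smtp.mailfrom={sender_domain};"
        f" dkim=pass header.d={sender_domain}; dmarc=pass header.from={sender_domain}\n"
        "\n"
        "You have 2 messages awaiting your response.\n"
    )

SAMPLE_PHISH = _sample("valid-sender.example")
SAMPLE_LEGIT = _sample("zoom.us")

if __name__ == "__main__":
    for raw in (SAMPLE_PHISH, SAMPLE_LEGIT):
        print(check_message(raw))
```

A message that is both fully authenticated and flagged as borrowing a brand name is exactly the case that authentication checks alone let through, so it is a candidate for quarantine or a warning banner rather than delivery.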
How to Protect Your Company from Phishing
Armorblox makes the following recommendations to help you protect your organisation and employees from these types of phishing attacks:
The email described in the report evaded Microsoft security measures, indicating that you should supplement your native email security with stronger and more layered tools. Consult Gartner's Market Guide for Email Security and Armorblox's 2022 Email Security Threat Report to find the right product.
Users are advised to:
- Be wary of social engineering ploys.
- Adopt proper password hygiene.
- Use multi-factor authentication.