fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Persuasive Office 365 Phishing Uses Fake Zoom Suspension Alerts

Persuasive Office 365 Phishing Uses Fake Zoom Suspension Alerts

Microsoft Office 365 users are targeted by a new phishing campaign using fake Zoom notifications to warn those who work in corporate environments that their Zoom accounts have been suspended, with the end goal of stealing Office 365 logins.

Zoom is a cloud-based communication platform providing users with audio and videoconferencing services, online meetings, as well as chat and team collaboration via mobile, desktop, and telephone systems. Since the start of 2020 Zoom has seen a radical increase of new monthly active users after millions of employees have switched to remote working.

So far the phishing campaign impersonating automated Zoom account suspension alerts has landed in over 50,000 mailboxes based on stats provided by researchers as email security company Abnormal Security who spotted these ongoing attacks.

Those targeted by this campaign are a lot more willing to trust such emails during this time since the number of remote workers taking part in daily online meetings through video conferencing platforms such as Zoom has drastically increased due to stay-at-home orders or lockdowns caused by the pandemic.

Cloned Zoom login page used for phishing credentials

The phishing emails spotted by Abnormal Security’s researchers spoof an official Zoom email address and are designed to impersonate a legitimate automated Zoom notification.

Using a spoofed email address and an email body almost free of any grammar errors or typos (besides an obvious ‘zoom’ instead of ‘Zoom account’) makes these phishing messages even more convincing and potentially a lot more effective.

The use of a cheerful “Happy Zooming!” at the end of the email could raise some alarms though, as it doesn’t quite fit with the rest of the message’s tone.

Phishing email sample (Abnormal Security)

The targets are warned that their Zoom accounts were temporarily suspended and that they will not be able to join any calls and meetings until they re-activate their accounts by clicking on an activation button embedded within the message.

Once they click the “Activate Account” button, the recipients are redirected to a fake Microsoft login page through an intermediary hijacked website.

On the phishing landing page, the victims are asked to input their Outlook credentials in a form designed to exfiltrate their accounts details to attacker-controlled servers.

“The importance of Zoom as a communications method is essential in a world under the shadow of the COVID-19 pandemic,” Abnormal Security explained. “Thus, the user may rush to correct their account, click on the malicious link, and inadvertently enter credentials on this bad website.”

If they fall for the attackers’ tricks, the victims’ Microsoft credentials will be used to take full control of their accounts and all their information will be ripe for the picking, later to be used as apart of identity theft and fraud schemes such as Business Email Compromise (BEC) attacks.

Also read: Cost of GDPR Compliance for Singapore Companies

Office 365 phishing landing page (Abnormal Security)

Stolen email accounts used in BEC attacks

The US Federal Bureau of Investigation (FBI) warned of BEC scammers abusing popular cloud email services such as Microsoft Office 365 and Google G Suite through Private Industry Notifications issued in March and in April.

“Between January 2014 and October 2019, the Internet Crime Complaint Center (IC3) received complaints totaling over $2.1 billion in actual losses from BEC scams targeting Microsoft Office 365 and Google G Suite,” the FBI notified at the time. 

The FBI’s Internet Crime Complaint Center (IC3) also issued a PSA in September 2019 advising that BEC scams are increasingly dangerous, with victim complaints with a total exposed dollar loss of more than $26 billion between 2016 and 2019, as well as a 100% surge in the identified global exposed losses from May 2018 to July 2019.

Phishing attacks targeting Office 365 customers

Office 365 users are continuously targeted by phishing campaigns with the end goal of harvesting their credentials.

Microsoft customers were lured with fake Microsoft Teams alertsfake VPN configs, and Small Business Grants Fund (SGF) relief payment baits to hand over their Office 365 login information, with tens of thousands of these phishing messages landing in the targets’ inboxes.

Yesterday, Microsoft also warned of phishers’ recent shift to new types of phishing tactics such as consent phishing, besides conventional email phishing and credential theft attacks.

“While application use has accelerated and enabled employees to be productive remotely, attackers are looking at leveraging application-based attacks to gain unwarranted access to valuable data in cloud services,” Microsoft Partner Group PM Manager Agnieszka Girling said.

The company also took legal action to dismantle part of the attack infrastructure used to host malicious 365 OAuth apps used in consent phishing to hijack victims’ Office 365 accounts.

Also read: 6 Simple Tips on Cyber Safety at Home

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us