Recent reports indicate that cyber criminals are trying to steal Office 365 credentials through fake Zoom suspension alerts.

Now, as if things couldn't get any worse than having to use Zoom as your main form of office communication, they just might have.

To begin, Microsoft users are the new target for scammers. In a ploy to steal Office credentials, the scammer sends a fake Zoom account suspension notice.

The main idea of this attack is to make the victims think that their Zoom account is under suspension. From there, this can open up a wide range of attacks for scammers to steal Office 365 logins. 


Zoom as a Platform

For those of you reading this who are blessed without having to use Zoom on the daily, here is a little background information on the platform. 

Zoom (in their own words) regards itself as the following.


Zoom Video Communications, Inc. is an American communications technology company headquartered in San Jose, California. It provides video telephony and online chat services through a cloud-based peer-to-peer software platform and is used for teleconferencing, telecommuting, distance education, and social relations.


In other words, it is a video communications platform. Since the COVID-19 pandemic broke out, resulting in many people working from home now, the platform blew up overnight.

Further, with great power comes great responsibility, and attention. Hackers notice the overwhelming use of the platform. They also notice the vulnerabilities and other technical or communication issues that make it the perfect target for credentials scams. 


The Attack

Now, let’s take a look at how attackers are scamming Office users through Zoom. 

Starting at the beginning, cyber platform Abnormal Security spotted the attack and released a report regarding the issue. Below is the statement from the company.


In this attack, attackers are impersonating a notification from Zoom in order to steal Microsoft Office 365 credentials of employees at organizations targeted for this attack.


All in all, the attack is quite straightforward. Scammers are utilizing a false notification ruse in order to spook employees. 

The attack consists of an email sent from a spoofed Zoom email address. The message states that the user is unable to use Zoom until they reactivate their account through a link attached to the message. 

Further, like most attacks of this type, the email redirects the victim to a fake Microsoft validation page. The user then “logs in” to verify their account. But they are actually handing their account credentials over to the scammer.
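A mail-triage check for the pattern described above, as an added example that is not from the original article or from Abnormal Security's report: it flags Zoom-branded mail whose sender domain is not Zoom's, whose From domain failed DMARC, or whose links leave Zoom's domain. The `ZOOM_DOMAINS` allowlist, the function names and the sample message (with placeholder hosts) are assumptions constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: the only domain this organisation expects Zoom mail and links to use.
ZOOM_DOMAINS = ("zoom.us",)

def in_domains(host, domains):
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

def triage(raw):
    """Return a list of findings for one raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    findings = []
    display, addr = parseaddr(str(msg.get("From", "")))
    sender = addr.rpartition("@")[2].lower()
    branded = "zoom" in f"{display} {msg.get('Subject', '')}".lower()
    # 1. Zoom branding on mail that does not come from a Zoom domain.
    if branded and not in_domains(sender, ZOOM_DOMAINS):
        findings.append(f"Zoom-branded mail sent from {sender}")
    # 2. A spoofed From address shows up as a DMARC failure recorded by the gateway.
    auth = " ".join(str(h) for h in msg.get_all("Authentication-Results", []))
    if re.search(r"\bdmarc=fail\b", auth.lower()):
        findings.append(f"From domain {sender} failed DMARC")
    # 3. "Reactivate" links in Zoom-branded mail that leave Zoom's domain.
    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body else ""
    hosts = [urlparse(u).hostname for u in re.findall(r"https?://[^\s\"'<>]+", text)]
    for host in dict.fromkeys(hosts):
        if branded and not in_domains(host, ZOOM_DOMAINS):
            findings.append(f"link to non-Zoom host {host}")
    return findings

# Constructed sample: spoofed zoom.us sender, link to a placeholder host.
SAMPLE = """\
From: Zoom <no-reply@zoom.us>
To: employee@example.com
Subject: Your Zoom account has been suspended
Authentication-Results: mx.example.com; spf=fail; dmarc=fail header.from=zoom.us
Content-Type: text/html; charset=utf-8

<p><a href="https://login-check.example.net/o365">Reactivate account</a></p>
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

The DMARC check relies on the receiving mail gateway having stamped an `Authentication-Results` header; where that header is absent, only the sender-domain and link checks apply.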


Staying Vigilant

This attack proves to be quite effective out in the wild. With so many people working from home, utilizing communication tools like Zoom is more necessary than ever. Once people see that their account is suspended, their first reaction is to quickly get things back on track.

Continuing, what if you received this type of notification 10 minutes before a big Zoom meeting? Users would do just about anything to make sure they are back online before a call. 

In short, this attack only emphasizes how important it is to exercise vigilance online. Taking an extra minute to review a suspicious email or forward it to your IT department can make a big difference. 


By Taylor Ritchey