The social engineered attacks are designed to look like a legitimate email from Zoom mimicking existing business workflows. Attackers will use the Zoom email address, “Zoom Communications” and include similar words as a real invite, such as [External] Zoom Meeting 11:00 AM Eastern Time [US and Canada].
When users click on the link to start meeting, it opens to a login screen for Microsoft Outlook, where unsuspecting victims enter in their credentials, the email security company says in a blog.
“The email attack bypassed native Microsoft email security controls. Microsoft assigned a Spam Confidence Level (SCL) of ‘-1’ to the emails; meaning the emails skipped spam filtering because Microsoft determined they were from a safe sender, to a safe recipient or were from an email source server on the IP Allow List,” writes Lauryn Cash in the Armorblox blog post.
The email is deceptive in that it mimics day-to-day business workflow. It’s habitual for users to simply click on “Start Meeting.”
According to Cash, organizations should take these actions to prevent compromise from this attack and similar ones:
- Use built-in email security with layers.
- Employees should always be watchful of social engineering cues. “Our brains have been trained to quickly execute on the requested actions. It’s best to engage with these emails in a rational and methodical manner wherever possible,” writes Cash. A good best practice is to perform an “eye test” on the email received that includes inspecting the sender name, email address, language within the email and any logical inconsistencies within the email.
- Follow multifactor authentication and password management best practices and always remember not to use the same password on multiple sites or accounts. Use a password management software to store account passwords and avoid using passwords that include publicly available information, such as date of birth, or generic 123 passwords.
- As always, continue to educate and train employees on phishing emails, such as looking for visible warning signs like poorly written emails, wrong signature lines or incorrect email addresses.