ZoomBombing Morphs into TurkeyBombing to Take Advantage of the U.S. Holiday
Thanks to COVID-19 and its associated lockdowns, Zoom has become a major player in the social-distancing era of 2020. Those Americans forced to spend Thanksgiving virtually are being targeted by cybercriminals in an ongoing phishing attack that is reminiscent to the infamous ZoomBombing attacks. These renewed attacks have a Thanksgiving flair added to them, and the phishing emails sent to unsuspecting potential victims have a Thanksgiving theme. Bogus messages are being sent en masse and falsely tell recipients, “You received a video conference invitation!” These messages would then include a link to review the malicious invitation.
The link leads victims to a fake Microsoft login page hosted on a Google domain, Appspot.com. This website is used primarily by developers to host web applications in the Google-managed data center. When a victim is brought to the phishing page, their email address pre-populates the login field of the associated landing page. They are then prompted to enter their associated Microsoft account password.
If a victim falls for this phishing attack, the malicious page not only records the victims’ email addresses and passwords, but also their IP addresses and geographic location. The attackers then attempt to use the stolen credentials to breach the account via IMAP (Internet Message Access Protocol) credential verification. It’s important to note that IMAP is a type of protocol used by companies and email services to offer direct access to emails on an email server.
It’s believed that attackers have already stolen more than 3,600 unique email credentials. If you believe you have fallen victim to this type of attack, it is highly recommended that you change and update your login credentials immediately.
Sources: