New COVID-19 Phishing Campaigns Target Zoom, Skype User Credentials
Health IT Security
Hackers are again taking aim at the increased number of remote workers during the COVID-19 pandemic through two new phishing campaigns: one attack method targets Skype credentials, while the other leverages fake Zoom videoconferencing meeting notifications.
The reports come following an FBI alert that warned cybercriminals are targeting the US healthcare sector with COVID-19 phishing attacks.
First, Cofense researchers discovered hackers are spoofing Skype amid the spike in remote work. The phishing emails evaded detection in accounts protected by Microsoft 365 EOP and Proofpoint, making it to the users’ inboxes.
“With so many people working from home, remote work software like Skype, Slack, Zoom, and WebEx are starting to become popular themes of phishing lures. We recently uncovered an interesting Skype phishing email that an end user reported to [Cofense] Phishing Defense Center,” researchers explained.
“For this attack, the threat actor created an email that looks eerily similar to...