Don’t Fall For Office 365 Zoom Notification Phishing Email

Do you use Microsoft Office 365? Do you also use Zoom? If so, be advised that there’s a new phishing campaign designed with you specifically in mind, the goal of which is to ultimately make off with your Office 365 login credentials. Since the start of the global pandemic, Zoom and other video conferencing solutions have seen an explosion in the size of their user base, given that COVID-19 forced tens of millions to work from home.

In a nutshell, here’s now the new campaign works:

The hackers controlling the campaign kick things off by sending out what appear to be automated Zoom account suspension alerts. These are convincingly crafted and make it appear that your account has been compromised. The message is invariably either a carbon copy or a slight variant of the following:

We’ve temporarily suspended your Zoom because your email failed to sync with our server within the past 24 hours. At this time, you will not be able to invite or join any call/meeting.

Please verify your email:”

And then, just below the ‘Please verify your email’ bit in the body of the message, the hackers have included a button labeled ‘Activate Account,’ which a fair percentage of this message’s recipients are clicking on.

Clicking on the button opens a browser tab and takes the email recipient to a well-designed spoof of a Microsoft Login page which asks for the user’s credentials.

Naturally, if the user enters their login information here, nothing will happen except that the information will be stored in a database belonging to the hackers, who will no doubt use it later.

Not long ago, the US FBI issued a warning about BEC scammers targeting users of popular cloud-based email services like Google’s G-Suite and Microsoft’s Office 365 to steal credentials for use in attacks down the road. This latest campaign certainly seems to add an exclamation point to the end of that warning. Stay on your guard and make sure your employees are aware.

Get In Touch

Share On Social Media

Other Recent Blog Articles

Imagine your business is like a really important house, like a bank or a hospital, filled with valuable information. Keeping it secure from digital “burglars” is crucial!

March 27, 2025

Imagine your business. It’s not just an office or a storefront anymore; it’s a digital vault. Inside reside your most valuable assets: customer data, financial records, intellectual property, and the…

Read More

Breaking Down I.T. with Steve: Is Your Small Business a Hidden Target? The Importance of Vulnerability Scanning

March 21, 2025

This week on “Breaking Down I.T. with Steve,” we’re tackling a critical topic that every small business owner in the Pacific Northwest needs to understand: vulnerability scanning. You might think…

Read More

Bank of America Data Breach: A Wake-Up Call for Third-Party Security

March 19, 2025

Bank of America Corp. (NYSE:BAC) recently issued a warning to a select group of customers regarding a potential data breach, highlighting the ever-present threat of data security vulnerabilities, even within…

Read More