The coronavirus (COVID-19) pandemic has forced many workers to rely on remote solutions to do their jobs. In particular, video conferencing services like Skype and Zoom have seen an astronomical rise in usage. In tandem with this, phishing campaigns targeting remote workers have also seen a large increase. This is proven true with a particularly convincing phishing campaign making the rounds right now.
According to a blog post from Cofense, a company that specializes in phishing attack mitigation, there is a new campaign looking for Skype credentials. The attack is so convincing for the following reason, according to Cofense’s Harsh Patel:
For this attack, the threat actor created an email that looks eerily similar to a legitimate pending notification coming from Skype. The threat actor tries to spoof a convincing Skype phone number and email address in the form of 67519-81987[@]skype.[REDACTED EMAIL]. While the sender address may appear legitimate at first glance, the real sender can be found in the return-path displayed as “sent from,” which also happens to be an external compromised account. Although there are many ways to exploit a compromised account, for this phishing campaign the threat actor chose to use it to send out even more phishing campaigns masquerading as a trusted colleague or friend.
These phishing attacks have been able to bypass services like Proofpoint and Microsoft’s 365 EOP, meaning they are convincing enough to not get flagged as malicious. Since this is the case, it can make sense why some individuals, especially in these uncertain times, would fall victim to the attack. Times of high stress and a total social upheaval of what many deem to be normal can cause bad decisions.
The question remains, however, why would an attacker want Skype credentials in the first place? The best guess here is that Skype is under Microsoft’s umbrella of software. Microsoft allows users of its products (such as Xbox, Office, Windows, and Skype) to use one universal login. Starting to get it? With access to Skype credentials, an attacker can access everything in a Microsoft user’s library. This allows for a plethora of possibilities, from banking fraud to identity theft to even more phishing attacks.
Featured image: Pixabay
