Phishing attack targeting remote workers’ Skype credentials

The coronavirus (COVID-19) pandemic has forced many workers to rely on remote solutions to do their jobs. In particular, video conferencing services like Skype and Zoom have seen an astronomical rise in usage. In tandem with this, phishing campaigns targeting remote workers have also seen a large increase. This is proven true with a particularly convincing phishing campaign making the rounds right now.

According to a blog post from Cofense, a company that specializes in phishing attack mitigation, there is a new campaign looking for Skype credentials. The attack is so convincing for the following reason, according to Cofense’s Harsh Patel:

For this attack, the threat actor created an email that looks eerily similar to a legitimate pending notification coming from Skype. The threat actor tries to spoof a convincing Skype phone number and email address in the form of 67519-81987[@]skype.[REDACTED EMAIL]. While the sender address may appear legitimate at first glance, the real sender can be found in the return-path displayed as “sent from,” which also happens to be an external compromised account. Although there are many ways to exploit a compromised account, for this phishing campaign the threat actor chose to use it to send out even more phishing campaigns masquerading as a trusted colleague or friend.

These phishing attacks have been able to bypass services like Proofpoint and Microsoft’s 365 EOP, meaning they are convincing enough to not get flagged as malicious. Since this is the case, it can make sense why some individuals, especially in these uncertain times, would fall victim to the attack. Times of high stress and a total social upheaval of what many deem to be normal can cause bad decisions.

The question remains, however, why would an attacker want Skype credentials in the first place? The best guess here is that Skype is under Microsoft’s umbrella of software. Microsoft allows users of its products (such as Xbox, Office, Windows, and Skype) to use one universal login. Starting to get it? With access to Skype credentials, an attacker can access everything in a Microsoft user’s library. This allows for a plethora of possibilities, from banking fraud to identity theft to even more phishing attacks.

Featured image: Pixabay

Derek Kortepeter

Derek Kortepeter is a graduate of UCLA and tech journalist that is committed to creating an informed society with regards to Information Security. Kortepeter specializes in areas such as penetration testing, cryptography, cyber warfare, and governmental InfoSec policy.

Published by
Derek Kortepeter

Recent Posts

Microsoft Teams guest access: How to enable and manage it

Two of the main factors that affect the total cost of an organization’s Microsoft 365…

3 hours ago

Samsung Galaxy Unpacked 2020: Everything you need to know

Samsung rolled out the all-new Galaxy Z Fold 2, Note 20, Note 20 Ultra handsets…

7 hours ago

SAN vs. NAS: Detailed comparison of these two storage technologies

SAN and NAS provide dedicated storage for a group of users using completely different approaches…

10 hours ago

Generation 1 virtual machines: Modernize them and bring them up to date

In many companies, Generation 1 virtual machines have been superseded by Gen 2 VMs. But…

1 day ago

Free VPNs from Hong Kong with ‘no-log policy’ experience data leak

With these free VPNs based in Hong Kong, you may not be paying any money…

1 day ago

Azure DevOps tips and tricks: Using built-in features

These Azure DevOps tips and tricks come fresh from the field where they have been…

1 day ago