Quote:Millions of family and friends, forced to spend Thanksgiving socially distant, are being targeted by cybercriminals as they turn to video platforms like Zoom to virtually be together. In this ongoing attack, cybersecurity experts warn, victims are targeted with a Zoom-related and Thanksgiving-specific hook reminiscent to ZoomBoming — call it TurkeyBombing.
 
On Thursday, a security researcher warned that a major phishing campaign kicked off over the Thanksgiving long weekend and is aimed at stealing Microsoft credentials. Attackers have already successfully pried credentials out of thousands of users, according to the researcher who goes by the handle TheAnalyst.  According to the researcher, quoted in a BleepingComputer report, the attack is ongoing and forecast to continue.

The Turkey-Day themed email ploy leverages the juggernaut popularity of the Zoom Video Communications platform. Bogus messages are being sent en masse and falsely tell recipients, “You received a video conference invitation,” according to TheAnalyst. Messages, naturally, included a link to review the malicious invitation.
 
The link leads victims to a fake Microsoft login page hosted on a Google domain, Appspot.com. The domain is used primarily by developers to host web applications in the Google-managed data center.
 
According to the report when a victim is brought to the phishing page, their email address pre-populates the login field of the landing page. Next, they are prompted to enter their associated Microsoft account password.
 
If someone takes the bait, the phishing page not only records the victims’ email addresses and passwords, but also their IP addresses and geographic location. If it is determined the credentials successfully allow access to a privileged account, the attackers attempted to breach the account via Internet Message Access Protocol (IMAP) credential verification.