Living Off Trusted Sites: Zoom service abuse to deliver credential phishing attack

Sublime's Attack Spotlight series highlights the evolving email threat landscape by showcasing real-world attack samples and explaining adversary tactics, with a focus on a recent credential phishing attack using Zoom's platform. This particular attack exploited Zoom Events and Zoom Docs to deliver a phishing payload that mimicked a Microsoft Office 365 portal, ultimately leading unsuspecting users to a fake Microsoft login page to steal credentials. Sublime's AI-powered detection engine successfully prevented the attack by identifying suspicious signs such as vague language, unnamed senders, and credential theft indicators. The series emphasizes the importance of adaptive, AI-driven email security solutions to detect and prevent attacks that leverage trusted sites.