Phishing for Xfinity credentials with malicious Zoom Docs
Blog post from Sublime Security
Sublime's Attack Spotlight series informs readers about the email threat landscape by showcasing real-world attack samples, detailing adversary tactics and techniques, and explaining how each attack can be detected. One recent sample was a credential-phishing campaign against Microsoft users that impersonated Xfinity customer service, pairing deliberate misspellings (to slip past keyword-based filters) with urgent language (to pressure recipients into acting without checking). The lure arrived from a Gmail address whose display name read "Customer Services Team", urging recipients to update their account through a link to a Zoom Doc; because the document sat on Zoom's legitimate domain, the link itself carried no bad reputation. The message still contained subtle indicators of deception: the sender domain did not match the brand being impersonated, and the text showed signs of filter evasion. Sublime's AI-driven detection engine and machine-learning-powered Link Analysis identified and blocked the attack. The series underscores the need for adaptive email security that uses AI and machine learning to catch Living off Trusted Sites (LOTS) attacks, in which attackers host their lures on reputable domains so that reputation-based controls do not flag the link.
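The indicators listed above (a free-webmail sender whose display name claims a brand, near-miss spellings of the brand, digit-for-letter obfuscation of filter keywords, urgency phrasing, and a lure link hosted on a trusted third-party site) can be scripted into a quick triage check. The Python below is an added example written for this summary, not Sublime's code or its detection rules. The sample message, its addresses and its URL are constructed; the brand domain list, the free-webmail list, the LOTS host list (including the assumption that Zoom Docs are served under zoom.us) and the leetspeak map are assumptions chosen for illustration.

```python
"""Triage one email for the phishing signals described above (added example)."""
import re
from email import message_from_string, policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample modelled on the campaign in the summary; the addresses,
# link and wording are invented for this example, not taken from a real capture.
SAMPLE_EML = """\
From: "Xfinity Customer Services Team" <xfinitycustomercare.team2024@gmail.com>
To: victim@example.com
Subject: Acti0n Required: Update Your Xfinty Acc0unt
Content-Type: text/plain; charset=utf-8

Dear Customer,

We could not verify your details. Your acc0unt will be suspend3d within 24 hours
unless you review the document below immediately.

Review here: https://docs.zoom.us/doc/example-constructed-id

Xfinity Customer Services Team
"""

# Constructed benign control message for comparison.
BENIGN_EML = """\
From: "Example Corp Billing" <billing@example.com>
To: victim@example.com
Subject: Your monthly statement is ready
Content-Type: text/plain; charset=utf-8

Your statement for last month is now available in the customer portal.
"""

# Assumptions for this example: which domains Xfinity legitimately mails from,
# which sender domains count as free webmail, and which hosts count as LOTS sites.
BRAND_DOMAINS = {"xfinity": {"xfinity.com", "comcast.com", "comcast.net"}}
FREE_WEBMAIL = {"gmail.com", "outlook.com", "hotmail.com", "yahoo.com"}
LOTS_HOSTS = {"zoom.us", "docs.google.com", "sharepoint.com", "dropbox.com"}

URGENCY = re.compile(
    r"\b(immediately|within \d+ hours|suspend(?:ed)?|action required"
    r"|verify (?:now|your account)|update your (?:\w+ )?account)\b",
    re.IGNORECASE,
)
URL_RE = re.compile(r"https?://[^\s<>\"']+")
# Assumed digit-for-letter substitutions used to dodge keyword filters.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "7": "t"})


def normalize(text: str) -> str:
    """Undo leetspeak, but only inside tokens that contain a letter so real numbers survive."""
    return re.sub(r"\b(?=\d*[A-Za-z])\w+\b", lambda m: m.group(0).translate(LEET), text).lower()


def levenshtein(a: str, b: str) -> int:
    """Plain edit distance; small inputs, so an O(len(a)*len(b)) table is fine."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def near_brand_tokens(text: str, brand: str, max_dist: int = 1) -> list[str]:
    """Tokens within max_dist edits of the brand name, excluding the exact spelling."""
    hits = set()
    for tok in re.findall(r"[a-z0-9]+", text.lower()):
        if tok != brand and abs(len(tok) - len(brand)) <= max_dist and levenshtein(tok, brand) <= max_dist:
            hits.add(tok)
    return sorted(hits)


def is_lots_host(host: str) -> bool:
    host = host.lower()
    return any(host == h or host.endswith("." + h) for h in LOTS_HOSTS)


def analyze(raw: str) -> dict:
    """Return each signal separately plus a simple verdict (two or more signals)."""
    msg = message_from_string(raw, policy=policy.default)
    name, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rpartition("@")[2].lower()
    text = f"{msg.get('Subject', '')}\n{msg.get_content()}"

    impersonated, typos = [], []
    for brand, legit in BRAND_DOMAINS.items():
        # Display name claims the brand, but the envelope domain is not one of its own.
        if brand in name.lower() and sender_domain not in legit:
            impersonated.append(brand)
        typos.extend(near_brand_tokens(text, brand))

    lots_links = [u for u in URL_RE.findall(text) if is_lots_host(urlparse(u).hostname or "")]

    raw_hits = {m.group(0).lower() for m in URGENCY.finditer(text)}
    norm_hits = {m.group(0).lower() for m in URGENCY.finditer(normalize(text))}

    result = {
        "sender_domain": sender_domain,
        "free_webmail": sender_domain in FREE_WEBMAIL,
        "impersonated_brands": impersonated,
        "brand_typos": typos,
        "lots_links": lots_links,
        "urgency": sorted(raw_hits | norm_hits),
        # Keywords that only match after de-obfuscation: evidence of filter evasion.
        "obfuscated_keywords": sorted(norm_hits - raw_hits),
    }
    signals = sum(bool(result[k]) for k in ("impersonated_brands", "brand_typos", "lots_links", "urgency", "obfuscated_keywords"))
    result["suspicious"] = signals >= 2
    return result


if __name__ == "__main__":
    for label, eml in (("sample", SAMPLE_EML), ("benign", BENIGN_EML)):
        print(label, analyze(eml))
```

The verdict threshold is deliberately crude; in practice each signal would feed a weighted rule, and the LOTS link would be fetched and followed by a link-analysis step rather than judged by hostname alone, since the trusted host is exactly what makes the URL look safe to a reputation check.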