"TurkeyBombing Puts New Twist on Zoom Abuse"

Cybercriminals have targeted victims with phishing emails hoping that many families would be using Zoom to call family and friends over the Thanksgiving weekend.  The major phishing campaign is aimed at stealing Microsoft credentials.  Threat actors already stole nearly 4,000 credentials before the holiday was even over, according to researchers. The email states, "You received a video conference invitation," and included a link to review the malicious invitation.  If a victim takes the bait, the phishing page records the victims' email addresses, passwords, IP addresses, and geographic location. If it is determined the credentials successfully allow access to a privileged account, the adversaries attempt to breach the account via Internet Message Access Protocol (IMAP) credential verification.

Threatpost reports: "TurkeyBombing Puts New Twist on Zoom Abuse"