• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer
  • Jobs
  • Career
    • Cyber Security Training
    • Work from Home
    • Cyber Security Analyst
    • Remote Work – Six Ways to Keep Your Data Safe When Working Remotely
  • Field Guide
  • Newsletter Signup
  • Deals
  • News
AskCyberSecurity.com

AskCyberSecurity.com

Cyber Security News & Information

  • Home
  • Data Privacy
    • Gamers
    • Government Cyber Security
      • Legislation
      • Standards
        • What are the risks of computer security?
        • Medical Cyber Security
    • Social Media
  • Security
    • Data Breaches
    • Scams
    • Malware
  • Software
    • Apps
    • Web Browsers
  • Glossary
    • Cyber Security Acronyms
  • About Ask Cyber Security
    • Authors
    • Contact Us
  • VPN
    • How Do I Know If My VPN is Working?
    • Best Free VPN iPhone
    • Why Use a VPN?
    • NordVPN vs IPVanish
    • Private Internet Access Download
    • Best VPN for Streaming
      • TikTok VPN
    • VPN Porn
    • Computer Security Software – What You Really Need
  • Tutorials
  • ChatGPT
    • Does ChatGPT Save Data?
AskCyber Home » News » News » Skype Phishing Email Steals Microsoft Office Login

Skype Phishing Email Steals Microsoft Office Login

2020-07-29 by Michelle Dvorak

Skype Phishing

Attackers Are Using Skype Notifications to Steal Microsoft Office Credentials

Attackers are sending phishing emails disguised as fake Skype notifications to steal Microsoft credentials. The notification appears to be an automated email and attempts to trick the recipient into entering their login information on a spoof web page. The design of the phishing email and credential stealing site impersonates Microsoft’s Skype. The messaging mentions the victim’s employer and claims to be from their finance department.

The body of the Skype phishing email contains a cloaked link that claims to be a link to an invoice for Skype service. If the reader clicks on the link, they are redirected to a fraudulent Microsoft login page. The scam login page contains both Microsoft and Skype branding to make it appear authentic, says a report by cyber security researchers at Abnormal Security.

Skype Phishing Email – Image Credit: Abnormal Security

The attacker is also using a link tracking service. This enables them to track which recipients clicked on the link. The threat actor can also change the destination of the cloaked link. The credential phishing page is hosted on “web.app” rather than Microsoft.com

Protect Yourself with Malwarebytes

Why this cyberattack is dangerous

This cyberattack is especially dangerous because of increased use a video conferencing calls and an unusually high work-from-home workforce. Students, employees, and family are increasingly using messaging apps and video conferencing software like Skype, Zoom, and  Google Hangouts to complete their daily tasks, attend classes, and stay in touch with family and friends.  This gives hackers opportunities to steal login credentials or hack into live video sessions by stealing links to scheduled calls.

In this cyber attack, the threat actors are attempting to steal Microsoft Office login credentials. Even though it seems like a compromised email password is not critical, it gives the attacker leverage to further compromise an employer or even steal money. If the threat actor can hack into an email account, they can use it to send more phishing emails to other employees in the organization or anyone else on the contact list.

READ: Microsoft Reports Massive Office 365 Phishing Campaign

Why Reusing Passwords is Never a Good Idea

People commonly reuse the same password across multiple online accounts. When a threat actor gains access to one online account, like an email, they can scan  MS Outlook and find all the other online accounts that are attached to it. The hacker can try and use your email password to log into any other account that’s connected to this email. If that doesn’t work, then they can send password reset requests and have them sent to your compromised email address. For example, if you use your work email login to a bank account then the hacker may attempt to get into the bank account using your stolen Microsoft Office password.

To defend against phishing emails and credential-stealing attacks always use a unique password for every online account.

  • If you cannot remember a strong and unique password for every online account, then use a password vault to help create them and store them.
  • Use an anti-malware program to protect your computer and phone and to help detect phishing emails.
  • Always scrutinize every email even if you feel that you know the sender.
  • Never download an email attachment that you were not expecting. Call the sender and ask them if they sent something.
  • Do not click on links in emails to manage financial accounts or invoices. Always go directly to the financial institution website and log in directly.
  • When in doubt call

Filed Under: News Tagged With: Microsoft, phishing

About Michelle Dvorak

Michelle writes about cyber security, data privacy focusing on social media privacy as well as how to protect your IoT devices. She has worked in internet technology for over 20 years and owns METRONY, LLC. Michelle earned a B.S. in Engineering from Rensselaer Polytechnic Institute. Michelle published a guide to Cyber Security for Business Travelers


LinkedInTwitterFacebook

Primary Sidebar

Subscribe to Our Free Newsletter

We Don't Share or Sell Your Info

Web Browsers

Where Are My Saved Passwords in Chrome?

Google Removes 70 Malicious Browser Add-ons from Chrome Web Store

Firefox 75 Reports Your Browser Settings to Mozilla

Categories

Cyber Security Field Guide

Computer Security While TravelingGet Our Cyber Security Field Guide - Available on Amazon!

Recent Posts

Security Marketing Manager – Remote

Sr. Associate, Cybersecurity Architect – Pfizer

Strategic Customer Success Manager – Cybersecurity – Opportunity for Working Remotely

Top 20 Passwords Leaked on Dark Web

ISU Cybersecurity Leader Job Opening

Cyber Security News

Top 20 Passwords Leaked on Dark Web

… [Read More...] about Top 20 Passwords Leaked on Dark Web

Apple Warns of Actively Exploited Zero-Day Flaw

… [Read More...] about Apple Warns of Actively Exploited Zero-Day Flaw

IRS Stops Facial Recognition System for Online Access

… [Read More...] about IRS Stops Facial Recognition System for Online Access

National Cybersecurity Alliance Announces Data Privacy Week

… [Read More...] about National Cybersecurity Alliance Announces Data Privacy Week

More Cyber Security News

Tags

amazon Android Apple bitcoin China chrome CISA credit card DarkSide DHS DOJ Equifax Europe Facebook facial recognition FBI Firefox FTC games GDPR Google Government hacker identity theft India iPhone Iran IRS LinkedIn Microsoft North Korea PayPal phishing phishing email ransomware REvil Russia smartphone T-Mobile TikTok tutorial VPN WhatsApp WiFi Windows

Government

CBP Looks to Access Airline Passenger Data

FTC Releases Cyber Threat Video Playlist

Malware Found on US Government Funded Phones

UK NCA Reaches Out to Youth to Deter Cybercrimes

More Posts from this Category

Footer

Menu

  • Home
  • About
  • Authors
  • Newsletter Signup
  • PRIVACY POLICY

Search

Why Use a VPN?

NordVPN vs IPVanish VPN Review

NAVIGATION

  • Data Breaches
  • Data Privacy
  • Gamers
  • Scams
  • Malware

MEMBER NJCCIC

New Jersey Cybersecurity & Communications Integration Cell

STAY CONNECTED

  • Facebook
  • Instagram
  • Pinterest
  • YouTube
  • Twitter
  • RSS

Copyright © 2023 · AskCyberSecurity.com · METRONY, LLC

Go to mobile version