Zoom account details targeted in latest cyber scam
Multiple scams aim to steal video conferencing logins
When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.
Topvideo conferencingsoftware platforms are facing a number of new attacks from criminals looking to steal the login details of their users.
According to experts at security firm Proofpoint, services such asZoomand WebEx have become popular targets for criminals, with a number of new scams emerging online in recent weeks.
The scams include phishing attacks to steal user login details, allowing hackers access into a company’s network to cause havoc and spread malware.
Make careless data decisions history with our dark web monitoring and alerts. Get Dashlane for seamless, private ‘interneting’ with 2FA (two-factor authentication) by default. Your privacy matters to us so that’s why there’s no limit on devices or passwords stored or shared.
Zoom phishing
Proofpoint outlined multiple scams detected by its services in recent weeks as video conferencing usage has soared across the world due to the ongoing coronavirus lockdown.
This included a phishing email scam where a message entitled “Zoom Account” pretends to welcome a user to their new Zoom account. The victim is then encouraged to activate their accounts by entering their login details on a different landing page, however this false site simply steals the information.
Also witnessed was an email claiming the recipient had missed a Zoom meeting, with the victim then told to click on a link to “Check your missed conference”. However this also takes the victim to a fake Zoom page where their logins are again stolen.
Cisco WebEx users were targeted by an email scam that claiming to be from the company, and using the correct logos and email domains. The message claims that the recipient needs to update their software in order to fix a security vulnerability - however once again, clicking the included link leads users to a phishing page where their details are harvested.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
“Video conferencing has become very popular very quickly. Attackers have noticed and moved to capitalize on that popularity and brand strength,” noted Sherrod DeGrippo, Senior Director of Threat Research at Proofpoint.
“Not only are attackers using video conferencing brands as a lure for malware, but they’re using it for credential phishing, in particular to steal Zoom and WebEx credentials. This points to the increasing value of compromised video conferencing accounts. Stolen account credentials could be used to login to corporate video conferencing accounts and violate confidentiality. They also could likely be sold on the black market or used to gain further information about potential targets for launching additional attacks.”
Proofpoint is recommending users take caution when opening emails from contacts they do not recognise, and ensure their security protection is up to date with all the latest patches.
“We agree with ProofPoint that users across all services and technology platforms should be cautious with emails, links or files received from unknown senders, and that users should take care to only click on authentic links or open attachments to known and trusted service providers,” Zoom said in a statement toTechRadar Pro.
“Zoom users should be aware that links to our platform will only ever have a zoom.us or zoom.com domain name. Prior to clicking on a link, they should carefully review the URL, being mindful of lookalike domain names and spelling errors.”
Mike Moore is Deputy Editor at TechRadar Pro. He has worked as a B2B and B2C tech journalist for nearly a decade, including at one of the UK’s leading national newspapers and fellow Future title ITProPortal, and when he’s not keeping track of all the latest enterprise and workplace trends, can most likely be found watching, following or taking part in some kind of sport.
This new malware utilizes a rare programming language to evade traditional detection methods
A new form of macOS malware is being used by devious North Korean hackers
Arcane season 2 confirms the hit series isn’t just one of the best Netflix shows ever made – it’s an animated legend that’ll stand the test of time
