Latest cyber scam sees criminals try to steal Zoom account details
Some of the most popular video conferencing software platforms in use today are facing a number of new attacks from criminals looking to steal user login details.
According to experts at security firm Proofpoint, services such as Zoom and WebEx have become popular targets for criminals, with a number of new scams emerging online in recent weeks.
The scams include phishing attacks to steal user login details, allowing hackers access into a company’s network to cause havoc and spread malware.
Zoom phishing
Proofpoint outlined multiple scams detected by its services in recent weeks as video conferencing usage has soared across the world due to the ongoing coronavirus lockdown.
This included a phishing email scam where a message entitled “Zoom Account” pretends to welcome a user to their new Zoom account. The victim is then encouraged to activate their accounts by entering their login details on a different landing page, however this false site simply steals the information.
Also witnessed was an email claiming the recipient had missed a Zoom meeting, with the victim then told to click on a link to “Check your missed conference”. However this also takes the victim to a fake Zoom page where their logins are again stolen.
Cisco WebEx users were targeted by an email scam that claiming to be from the company, and using the correct logos and email domains. The message claims that the recipient needs to update their software in order to fix a security vulnerability – however once again, clicking the included link leads users to a phishing page where their details are harvested.
“Video conferencing has become very popular very quickly. Attackers have noticed and moved to capitalize on that popularity and brand strength,” noted Sherrod DeGrippo, Senior Director of Threat Research at Proofpoint.
“Not only are attackers using video conferencing brands as a lure for malware, but they’re using it for credential phishing, in particular to steal Zoom and WebEx credentials. This points to the increasing value of compromised video conferencing accounts. Stolen account credentials could be used to login to corporate video conferencing accounts and violate confidentiality. They also could likely be sold on the black market or used to gain further information about potential targets for launching additional attacks.”
Proofpoint is recommending users take caution when opening emails from contacts they do not recognise, and ensure their security protection is up to date with all the latest patches.
Some of the most popular video conferencing software platforms in use today are facing a number of new attacks from criminals looking to steal user login details. According to experts at security firm Proofpoint, services such as Zoom and WebEx have become popular targets for criminals, with a number of…
