Some of the lures are not particularly original but can easily fool some of the users. For example, an email that welcomes the users to their new zoom account and requests them to click on the link to activate their account can be a phishing attack.
Similarly, phishing attackers are also sending an email which states that the user has missed a scheduled zoom video conference meeting and when a user clicks on the attached links to view meeting details, hackers enter the user’s system.
Phishing emails Impersonating Zoom and WebEx:
In both of the cases, the attackers are after credentials of the account users either for targeted user’s ZOOM or email account.
The fake emails coming from CISCO are a mixture of unconnected visuals and text lines, which commands attention and action. Phishing attackers are using words such as alerts, critical updates, etc. that impart a sense of urgency.
Many users will spot the malicious mail immediately as it has nothing to do with the WebEx brands. Still, there is always someone who panics or does not pay enough attention to the email format at the moment of reception and makes the mistake of entering the credentials of his/her user account.
The stolen credentials of video conferencing accounts can be used to log in to the ZOOM or WebEx accounts and violate confidentiality. They can also be used for selling in the black market or gaining more information about the target so that they can launch more severe attacks.
Malware Delivery Campaign
The researchers have also found another malware delivery campaign that does not impersonate the video conferencing brands but still exploits their widespread use.
The emails are made to look as if they are coming from a potential client who asks for a quote, says he is available for a ZOOM meeting and sends the users a booby-trapped excel file attached to the phishing email.
The recipient is requested to enable the Macros if he wants to view the contents of the attachment. If the recipient activates the macros, the attackers run a script which installs a legitimate remote control application. The hackers can use the application to access confidential files and sensitive information on the compromised system.
It is an excellent phishing attack idea that targets desperate ZOOM users who are looking for innocent ways of making extra bucks in the time of need. However, the users end up losing money and essential information if they fall into this trap.
What can the users do?
Always verify the source of emails before opening any attachment
Do not click any suspicious links or open any suspicious attachments
Stay alert about their meeting schedules and educate themselves on WebEx brands features
Install upgraded malware protection software in their devices