As a result of the current pandemic, most companies have shifted to work-from-home arrangements, and business meetings are now conducted through video conferencing software such as Zoom Meeting. It is currently one of the preferred conferencing tools for business as well as education.
Zoom recently announced that it has 300 million daily active meeting participants. With so many users on the platform, it has become a target for threat actors.
Malicious actors are now targeting Zoom users through spear-phishing. The attackers send a well-crafted email containing a meeting link that leads to a fake meeting notification from Zoom. The email pretends to be an automated notification generated by Zoom, coming from the Human Resources department, to discuss the recipient’s termination.
Once the malicious link is opened, it directs the victim to a fake Zoom login page formatted like the legitimate one: zoom-emergency.myftp.org. An inexperienced user is likely to panic and enter their Zoom credentials. If the recipient falls for it, their login credentials, as well as other important information stored in their Zoom account, will be compromised.
Security researchers have concluded that this attack has reached more than 50,000 inboxes.
Cybercriminals have stepped up their activity against Zoom because of the enormous number of people and businesses relying on it in the current situation. Earlier, in April 2020, we reported on the Zoom Bombing scheme; there were also reports that 500,000 stolen Zoom accounts had been discovered for sale on the dark web; and now there is this Zoom phishing email.
Whenever you are online, always be cautious, especially with emails that include a link asking for personal information, and more so if the email is from an unknown source. Never fall victim to those hackers and always be on guard.
Here are some other measures to protect yourself from this phishing activity:
- Install the latest antivirus program on your device so you’ll be prompted if you are directed to a fake website.
- Double-check the sender's address on any email concerning important information, such as emails from banks. Make sure that the email address is legitimate. If you have doubts, DO NOT RESPOND OR CLICK ON ANY LINKS.
- The legitimate website of Zoom is zoom.us. If the link you were redirected to looks something like “zoom.other-website.org”, it’s most probably a fraudulent site.
- Use a robust alphanumeric password for your Zoom account that is not used anywhere else.
- Do not follow instructions in the emails just to ‘Unsubscribe’, as it’s a standard scheme by scammers to confirm that the email address is active.
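
The domain check from the list above can be automated in a mail filter or a triage script. The following Python code is an added example, not part of the original article: it compares the host a browser would actually connect to against zoom.us and its subdomains. The function names and sample links are constructed for illustration, and it assumes zoom.us is the only trusted domain.

```python
from urllib.parse import urlsplit

# Assumption: zoom.us is the only trusted domain, as the article states.
TRUSTED_DOMAINS = ("zoom.us",)

def link_host(url):
    """Return the host a browser would connect to, or None if unusable."""
    if "\\" in url:  # browsers and parsers disagree on backslashes: reject
        return None
    try:
        parts = urlsplit(url.strip())
    except ValueError:  # malformed netloc, e.g. unbalanced IPv6 brackets
        return None
    if parts.scheme not in ("http", "https"):
        return None
    host = parts.hostname  # excludes userinfo ("zoom.us@...") and port
    return host.rstrip(".").lower() if host else None

def is_trusted_zoom_link(url):
    """True only for zoom.us itself or a subdomain of zoom.us."""
    host = link_host(url)
    if host is None:
        return False
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)

# Constructed sample links; only the two lookalike hosts come from the article.
SAMPLES = [
    "https://zoom.us/j/0000000000",
    "https://example-tenant.zoom.us/j/0000000000",
    "HTTPS://ZOOM.US./signin",
    "http://zoom-emergency.myftp.org/",
    "https://zoom.other-website.org/signin",
    "https://zoom.us.other-website.org/signin",
    "https://zoom.us@other-website.org/signin",
    "https://notzoom.us/signin",
]

def triage(urls):
    """Map each link to 'trusted' or 'suspicious'."""
    return {u: "trusted" if is_trusted_zoom_link(u) else "suspicious" for u in urls}

if __name__ == "__main__":
    for url, verdict in triage(SAMPLES).items():
        print(f"{verdict:10} {url}")
```

A substring test such as `"zoom.us" in url` would accept the last five sample links; matching on the parsed hostname with a leading-dot suffix check is what separates them from the first three.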