Sunday, June 22, 2025

Tech News, analysis, updates, comments, reviews

Zoom’s 200 Million Users Are Facing A Serious New Threat

Late last year, the Zoom video conferencing platform was hosting 10 million users, and that figure has surged to 200 million today.

It’s a well-known fact that cyber-attackers always follow the money, so it’s no surprise that they are now targeting Zoom’s millions of users to try and persuade them to give away their log in credentials or download malware.

The cyber-criminals are attempting to do their worst via a very simple medium: Email. That’s according to cybersecurity researchers at Proofpoint, who have discovered a wave of “phishing” emails intending to steal Zoom credentials and spread malware.

The emails you need to look out for 

The attacks are targeting individuals and businesses in the transportation, government, telecommunications and manufacturing sectors, Proofpoint says.

There are three emails to look out for. The first has the subject line “Zoom Account” and includes a message welcoming new users to their account. However, attackers then encourage users to click on a link and activate their Zoom account by entering their login details–which the criminal will then steal.

The second email, which has the subject line “Missed Zoom Meeting,” informs you that you’ve just missed a Zoom meeting. Attackers then want you to click a link to “check your missed conference,” so you again enter your details which they can steal.

Zoom-email-scam-security-phishing

An example of a scam Zoom email.

Proofpoint

The third scam discovered by Proofpoint is aimed at U.S. based users working in industries such as technology, accounting, aerospace, energy, healthcare, telecommunications, transportation, government, and manufacturing companies. It targets another popular video conferencing service Cisco WebEx. The Cisco WebEx scam reads: “Alert!” “Your account access will be limited!”

Attackers will then try to make you “update your WebEx” to fix a security vulnerability, by leading you to a phishing page.

Another small campaign targets energy, manufacturing industrial, marketing/advertising, technology, IT and construction firms with malware. With email subject lines including “Meeting cancelled – Could we do a Zoom call,” attackers are hoping users will help them gain access to their files and information including usernames, passwords and credit card data.

The risks, and what to do

Zoom is already under fire from users for privacy violations and for misleading claims about the platform being end to end encrypted, but it’s implementing measures to try and be better.

Zoom’s also suffered from vulnerabilities affecting users of operating systems including Windows and Mac OS–which have since been fixed.

This latest threat is not Zoom or the other target WebEx’s fault; it has simply happened because more users equals more people to try to attack.

“Video conferencing has become very popular very quickly,” Sherrod DeGrippo, Proofpoint’s senior director of Threat Research says.“Attackers have noticed and moved to capitalize on that popularity and brand strength.

“Not only are attackers using video conferencing brands as a lure for malware, but they’re using it for phishing, in particular to steal Zoom and WebEx credentials.”

So what are the risks? According to DeGrippo, stolen account credentials could be used to login to corporate video conferencing accounts. In addition: “They also could likely be sold on the black market or used to gain further information about potential targets for launching additional attacks.”

Phishing emails will continue to target any successful service or app, and the most effective way to prevent becoming a victim is to be aware and careful. Don’t click on links in emails without checking where they come from first.

Look for spelling errors and strange sender names, and avoid entering your credentials on a site via an email. Instead log into the app directly, and see if any action needs to be taken.

Get notified whenever we post something new!

spot_img

Migrate to the cloud

Make yourself future-proof by migrating your infrastructure and services to the cloud. Become resilient, efficient and distributed.

Continue reading

Taking Control of Your Genetic Privacy

Practical steps to delete your 23andMe genetic data and protect your biological privacy, with global considerations for data protection.

A Cybersecurity Perspective on Border Searches and Digital Privacy

Exploring the challenges of phone privacy at borders, this post reflects on cybersecurity strategies and global implications for travelers and professionals.

Why Kenya’s Cybersecurity Boom Matters More Than The Numbers Suggest

The statistics tell one story about Kenya's cybersecurity market. A 10.54% growth rate through 2029, reaching $92.64 million. The need for 10,000 new experts by 2025. Organizations scrambling to boost budgets by 34% after cyberattacks hit M-PESA and Kenya...

Enjoy exclusive discounts

Use the promo code SDBR002 to get amazing discounts to our software development services.