Late last year, the Zoom video conferencing platform was hosting 10 million users, and that figure has surged to 200 million today.
It’s a well-known fact that cyber-attackers always follow the money, so it’s no surprise that they are now targeting Zoom’s millions of users to try and persuade them to give away their log in credentials or download malware.
The cyber-criminals are attempting to do their worst via a very simple medium: Email. That’s according to cybersecurity researchers at Proofpoint, who have discovered a wave of “phishing” emails intending to steal Zoom credentials and spread malware.
The emails you need to look out for
The attacks are targeting individuals and businesses in the transportation, government, telecommunications and manufacturing sectors, Proofpoint says.
There are three emails to look out for. The first has the subject line “Zoom Account” and includes a message welcoming new users to their account. However, attackers then encourage users to click on a link and activate their Zoom account by entering their login details–which the criminal will then steal.
The second email, which has the subject line “Missed Zoom Meeting,” informs you that you’ve just missed a Zoom meeting. Attackers then want you to click a link to “check your missed conference,” so you again enter your details which they can steal.
An example of a scam Zoom email.
Proofpoint
The third scam discovered by Proofpoint is aimed at U.S. based users working in industries such as technology, accounting, aerospace, energy, healthcare, telecommunications, transportation, government, and manufacturing companies. It targets another popular video conferencing service Cisco WebEx. The Cisco WebEx scam reads: “Alert!” “Your account access will be limited!”
Attackers will then try to make you “update your WebEx” to fix a security vulnerability, by leading you to a phishing page.
Another small campaign targets energy, manufacturing industrial, marketing/advertising, technology, IT and construction firms with malware. With email subject lines including “Meeting cancelled – Could we do a Zoom call,” attackers are hoping users will help them gain access to their files and information including usernames, passwords and credit card data.
The risks, and what to do
Zoom is already under fire from users for privacy violations and for misleading claims about the platform being end to end encrypted, but it’s implementing measures to try and be better.
Zoom’s also suffered from vulnerabilities affecting users of operating systems including Windows and Mac OS–which have since been fixed.
This latest threat is not Zoom or the other target WebEx’s fault; it has simply happened because more users equals more people to try to attack.
“Video conferencing has become very popular very quickly,” Sherrod DeGrippo, Proofpoint’s senior director of Threat Research says.“Attackers have noticed and moved to capitalize on that popularity and brand strength.
“Not only are attackers using video conferencing brands as a lure for malware, but they’re using it for phishing, in particular to steal Zoom and WebEx credentials.”
So what are the risks? According to DeGrippo, stolen account credentials could be used to login to corporate video conferencing accounts. In addition: “They also could likely be sold on the black market or used to gain further information about potential targets for launching additional attacks.”
Phishing emails will continue to target any successful service or app, and the most effective way to prevent becoming a victim is to be aware and careful. Don’t click on links in emails without checking where they come from first.
Look for spelling errors and strange sender names, and avoid entering your credentials on a site via an email. Instead log into the app directly, and see if any action needs to be taken.