A new Zoom phishing campaign preys on people’s fears related to job security, tricking them into revealing credentials that criminals can abuse in a variety of ways.
The practice of Zoom-bombing is still common across the world, even though the Zoom application has been updated numerous times and new security features have been quickly implemented.
Sometimes, Zoom-bombings happen because people share details of upcoming meetings in public forums, or fail to secure them properly. But Zoom-bombing also happens to secured meetings, which should technically be extremely difficult, bordering on impossible, in the absence of a vulnerability or exploit.
Ever wondered how bad actors log in to secure Zoom meetings or how credentials are sold on the black market, even in the absence of a data breach? Phishing is one way to extract valid credentials from people, tricking them into revealing sensitive information. The fake Zoom website could also be used to collect other types of credentials, not necessarily only those for the application itself.
Researchers from Abnormal Security identified one such phishing campaign, delivered through a simple link. People were notified about their supposed termination and asked to log in to a fake website that looks very much like Zoom.
“The email contains a link to a fake Zoom login page hosted on ‘zoom-emergency.myftp.org’,” reads the advisory. “Links to the phishing page are hidden in text used in automated meeting notifications such as ‘Join this Live Meeting’. Should recipients fall victim to this attack, login credentials as well as any other information stored on Zoom will be compromised.”
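The advisory's point that the phishing link hides behind notification text such as "Join this Live Meeting" can be turned into a mail-filter check that compares each link's visible text with its real host. This is an added example, not code from Abnormal Security or the article; the trusted-domain list, the extra lure phrases and the sample email body are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumptions (not from the article): Zoom's own domains and the extra lure phrases.
TRUSTED_DOMAINS = ("zoom.us", "zoom.com")
LURE_PHRASES = ("join this live meeting", "join meeting", "zoom")

class AnchorCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, " ".join("".join(self._text).split())))
            self._href = None

def is_trusted(host):
    """True only for a trusted domain or a real subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)

def suspicious_links(html):
    """Links whose text imitates a Zoom notification but whose host is not Zoom's."""
    parser = AnchorCollector()
    parser.feed(html)
    hits = []
    for href, text in parser.links:
        host = urlsplit(href).hostname
        if any(p in text.lower() for p in LURE_PHRASES) and not is_trusted(host):
            hits.append((text, host))
    return hits

# Constructed sample body; only the first host name comes from the advisory.
SAMPLE_EMAIL = """
<a href="https://zoom-emergency.myftp.org/placeholder">Join this Live Meeting</a>
<a href="https://us02web.zoom.us/j/0000000000">Join this Live Meeting</a>
<a href="https://zoom.us.example.net/placeholder">Zoom sign in</a>
"""
if __name__ == "__main__":
    print(suspicious_links(SAMPLE_EMAIL))
```

The suffix check in `is_trusted` requires a leading dot, so a host that merely starts with or contains `zoom.us` is still flagged.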
As usual, people are advised not to open emails from unknown sources, click on links, or open attachments. The COVID-19 pandemic is fertile ground for all kinds of spam and phishing campaigns, and criminals will try to use it to their advantage.