According to a report from Check Point Research, hackers have registered domains posing as Google Meet, Microsoft Teams and Zoom-related URLs. As more people are relying on video conferencing apps as the global lockdown carries on, these domains could be used to imitate official links and trick users into downloading malware or give a hacker access to personal information.
Over the last three weeks, 2,449 Zoom-related domains have been registered and Check Point Research says that 32 of those are malicious while 320 are "suspicious". Check Point Research also gave the example of an attempted phishing attack where hackers sent an email that looked like an official email from Microsoft Teams. However, the button in the email that would 'open' Teams was a malicious URL that downloaded malware to the user's computer.
Hackers have also been posing as the Work Health Organization (WHO) and sending phishing emails with attachments that download malware when clicked on, Check Point Research said. The report included two emails asking for donations for WHO and the United Nations but "requesting" that donation be sent to "several known compromised bitcoin wallets".
And Check Point Research is not alone in these revelations. Google has also observed donation scams in emails that are impersonating organisations like WHO. Google said that in mid-April it has seen more than 18 million daily malware and phishing emails related to Covid-19 in one week.