Zoom users, here are three dangerous emails that you should be careful about
In the second attack, hackers targeted energy, manufacturing, and business services in a bid to steal user credentials.
Zoom has been in the middle of a security crisis lately. Riddled with bugs and security flaws, the video conferencing platform, whose user base shot up from 10 million back in December 2019 to 200 million in March 2020, has been deemed unsafe to use by several companies and even governmental agencies. In addition to that, data of Zoom users has also been spotted being sold on the dark web for pennies. Now, Zoom users have a new threat to worry about.
Cyber security firm Proofpoint has observed a series of attacks wherein cyber criminals are targeting Zoom users via infected emails to steal account credentials, distribute malware, or harveste credentials for these spoofed video conferencing accounts.
The cyber security firm uses three different types of emails to target users. Here are the details:
-- In the first attack, cyber criminals target energy, manufacturing industrial, marketing/advertising, technology, IT and construction companies with ServLoader and the NetSupport remote access Trojans (RATs).
Hackers send a thanks message to the victim thanking them for their response to a fake Request for Quotation. This email contains a subject line which says -- [Company] Meeting cancelled - Could we do a Zoom call; or [Company] - I won't make it to Arizona - Could we talk over Zoom?; or The [Company] - I won't make it to Tennessee - Can we talk over Zoom?'; or The [Company] Meeting cancelled - Should we talk over Zoom?" and it includes an attachment that purports to be about that discussion. It offers to have a call via Zoom to discuss the matter.
-- In the second attack, hackers targeted energy, manufacturing, and business services in a bid to steal user credentials.
In this attack, victims get an email from a purported admin account with a subject line of "Zoom Account". The message body, as per the cyber security firm, includes a "lure that welcomes users to their new Zoom account and contains a link, which the recipient is urged to click in order to activate their Zoom account." When victims click the link, they are taken to a generic webmail landing page and asked to enter their credentials.
-- In the third attack, malicious actors use Cisco's Webex to target victims. According to Proofpoint, hackers target technology, accounting, aerospace, energy, healthcare, telecommunications, transportation, government, and manufacturing companies. They also target another video conferencing app Webex for harvesting users' account details.
These emails come from addresses such as -- "cisco@webex[.]com" and "meetings@webex[.]com" and they use subject lines such as -- "Critical Update!" or "Alert!" or "Critical Update!", "Your account access will be limited!" or "Your account access will be limited in 24h." or "Your account access will be limited!" to target users.