A new Zoom phishing campaign preys on people’s fears
related to job security, tricking them into revealing credentials that
criminals can abuse in a variety of ways.
The practice of Zoom-bombing is still common across the
world, even though the Zoom application has been updated numerous times and new
security features have been quickly implemented.
Sometimes, Zoom-bombings happens because people share
details of upcoming meeting in public forums, or fail to secure them properly.
But Zoom-bombing also happens to secured meetings, which should technically be
extremely difficult, bordering on impossible, in the absence of a vulnerability
or exploit.
Ever wondered how bad actors log in to secure Zoom
meetings or how credentials are sold on the black market, even in the absence
of a data breach? Phishing is one way to extract valid credentials from people,
tricking them into revealing sensitive information. The fake Zoom website could
be used to other types of credentials, not necessarily only for the application
itself.
Researchers from Abnormal Security identified one such
phishing campaign, delivered through a simple link. People were notified about
their supposed termination and asked to log in to a fake website that looks
very much like Zoom.
“The email contains a link to a fake Zoom login page
hosted on ‘zoom-emergency.myftp.org’,” reads the advisory.
“Links to the phishing page are hidden in text used in automated meeting
notifications such as ‘Join this Live Meeting’. Should recipients fall victim
to this attack, login credentials as well as any other information stored on
Zoom will be compromised.”
As usual, people are advised to not open emails from
unknown sources, click on links, or open attachments. The COVID-19 pandemic is fertile
ground for all kinds of spam and phishing campaigns, and criminals will try to
use it to their advantage.