Zoom’s 200 million users are now being targeted by scammers and phishers, hoping to steal vital information.
As the majority of the workforce today has shifted to a remote work setting, video conferencing has never been more essential. At the forefront of the video-conferencing industry is Zoom, and in just a few weeks since the lockdowns were first implemented, the company saw a meteoric rise in user growth from 10 million to a jaw-dropping 200 million users.
With so many people turning to Zoom either for personal, school, or business-related use, it’s no surprise that the platform has become a big target for cybercriminals.
Zoom phishing is now a thing
A report recently published by cyber-security firm Proofpoint reveals that more and more cyber-attackers are using email in order to steal Zoom credentials. Proofpoint says that the cybercriminals aren’t directly attacking video-conferencing platforms like Zoom directly. Instead, they have begun to use the names and the brand of such platforms in order to distribute malware and steal account credentials.
A particular target for cybercriminals would be people working in the energy, manufacturing, and business sector of the United States. For this, cyber attackers would send emails that contain a subject line “Zoom Account” and is sent by a supposed admin account.
Basically, the email aims to lure individuals into giving their credentials by making them think they signed up for a new Zoom account. When a user clicks the link in the email, they would be redirected to a webmail landing page which asks them to enter their credentials.
Another Zoom-related method used by scammers and phishers is aimed at workers from the transportation, manufacturing, and technology industries. The goal is still the same, with credentials being the primary motivation of these attackers. But instead of a new Zoom account, the phishers claim that their targets have missed an important Zoom meeting. The email would contain a link with the title “Check your missed conference.”
Instead of the webmail landing page, the users will be taken to an imitation of a Zoom page and will be asked to enter their credentials.
Taking advantage
Cyber-attacks are at an all-time high this pandemic season. In fact, Google recently reported that it had been intercepting around 240 million spam emails and blocking 18 million COVID-19 related scams every day.
With countless of people stuck at home with nothing to turn to but the Internet, cybercriminals are definitely taking advantage of the uncertainty that the pandemic has brought. Zoom is still just recovering from the massive backlash it had recently faced with the security and privacy issues that were found in its services. Now, its name is being used to steal important information that could be used in a number of devious ways.
Images courtesy of Elle Cartier, Nahel Abdul Hadi, Philipp Katzenburger/Unsplash and Proofpoint