Type to search

IT Security IT Tips Online Security Popular Tech

Zoom-Related Phishing Scams For You To Know

The IT Universe Writers

As of late 2019, the video telephony application Zoom hosted about 10 million people. Given that not many individuals were aware of its existence, that is a decent number of users. In this coronavirus epidemic period, the Zoom user count has gone up to above 200 million. This is a huge increase, so numerous cyber attackers are likely to exploit the platform to get in on the action.

Cybercriminals are known to follow the crowd as therein lies the chance to get funds unscrupulously. As Zoom has record-breaking figures, it seems that all those immoral parties are active, attempting to make users give away their sign-in credentials or download malicious software.

Hackers Impersonate Zoom On A Never-Before-Seen Scale

As per Check Point Research’s recent report, over 2,449 domains related to Zoom were registered for hackers from April to May 2020. Researchers found out that around 30 of the said domains were malicious, and that 320 were considered ‘suspicious’. Cybercriminals still create much damage with email as a tool to send phishing electronic messages for Zoom-related credentials and spreading malicious software. Scammers would do phishing attacks that deliver seemingly official messages through a button made for launching the Zoom application. If users click the button, they would end up downloading malicious software instead of opening Zoom.

The Zoom attacks target all sorts of people, but almost all of these are aimed at businesses and individuals associated with telecommunications, the government, transportation, and manufacturing.

Things To Keep An Eye Out For

In the case of Zoom scams, you have to be wary of the following emails.

  • The email with the phrase ‘Zoom Account’ as its subject line, plus a message that seemingly welcomes new Zoom users. Scammers encourage the user to click a hyperlink to make their account active by entering its sign-in credentials on their fake site, to steal these credentials.
  • The email with ‘Missed Zoom Meeting’ as its subject line. There will be a link in it that encourages you to look at your seemingly missed Zoom conference. Clicking the link will lead you to some fake site where you are supposed to key in your information.
  • The other email is one that targets energy, IT, manufacturing, technology, marketing, and other industry businesses with malicious software. With its subject line, cybercriminals attempt to access details like user passwords and usernames, credit card information, and computer files.

There is a different email to be aware of, but it is targeted specifically to the US-based users working in these sectors; government, energy, aerospace, technology, transportation, healthcare, telecommunications, accounting, and manufacturing. Instead of Zoom, the electronic mail uses a well-known substitute Cisco WebEx.

Suggested Measures Against The Scams

Zoom-related attack counts are going up, so you should stay vigilant as well as act as per proper cybersecurity practices.

  • Exert caution at the time of opening electronic mails from individuals who are outside of your contact list or are anonymous to you. If in doubt, do a background verification to know whether that individual is somebody you know. There are some email finder websites to do that. If you get the person’s contact information from one of those websites, use it to communicate with them. Never reply to these kinds of emails or forward them to another party.
  • Avoid clicking any link and downloading files attached to an electronic mail from anonymous people, as well as any unexpected correspondence. Look at that sender’s information and the related web address by hovering the mouse over their email ID and any link added.
  • Confirm that the OS and every software program on your computer are updated using the most recent security patches.
  • Utilize hard-to-crack passwords for all accounts. Do not use one password for multiple accounts. If possible, utilize different usernames per account. We would also recommend using the kind of software program that can automatically create strong passwords. Alternatively, you may use a linear sequence of 3 to 4 random words coupled with 2 numbers.
  • The official Zoom domain names end with .com and .us as their extensions. This means a domain name having any other extension is not genuine. Be wary of the fake domain name with a few extra characters added to make it appear a genuine one.

The Dangers Of Stolen Credentials For Zoom Accounts

These credentials can work in the form of a tool that unlocks other internet accounts, like those related to social networking websites or personal/corporate email. Nothing would be safe if you use one password and username for all of your accounts and do not turn on multi-factor authentication as per cybersecurity statistics. It is also possible to sell stolen credentials as black-market transactions.

Can hackers steal sign-in credentials? If yes, the above phishing scams would usually offer them the freedom to do what they want on an enterprise’s network. They could put malicious software on the file server concerned in order to make any person who opens the program spread it.