Given all the changes with more people working remotely, Zoom meetings have become an everyday occurrence for our business customers.

Unfortunately, hackers are great at spotting trends and taking advantage of them... if only they could turn those energies into doing good for others.

In this case, it's fake Zoom invites.

The attackers send their Zoom email invites through a legitimate email provider, so it's more likely that those messages will reach their intended targets (you or your employees).

Once you click on the link (who wants to miss a meeting with their boss or a client?), you are forced to jump through a few hoops and end up at a convincing login page for Office 365. You, or your employee, dutifully enter your Microsoft credentials but can't get in. You chalk it up to a Microsoft issue, or assume you must have forgotten one of the 500 passwords you need to keep track of.

However, the login page was FAKE. Your attempts to log in merely handed your credentials over to the hackers, who have now collected an estimated 400,000 user names and passwords using this technique.

Armed with your working user name and password combinations, the hackers behind the phishing campaign can log into your, or your employees', accounts and use them as a springboard to take over computers and other accounts... ouch.

So how do you know the Zoom invites are real?

  1. Ask yourself: am I expecting the invite? If the answer is no, your spider senses should go up.
  2. Search your other emails for "Zoom" to see if there is a corresponding event you may have registered for.
  3. If you find no other record or references, delete the invite... if it was a critical meeting, someone will probably call you. If it was a legitimate seminar, it's probably been recorded.



Used with permission from Article Aggregator