A new zoom phishing campaign observed asking recipients to join a zoom meeting that threatens employees that their contracts will be either suspended or terminated.
The recipients are presented with a fake Zoom login page that asks recipients to input the login credentials.
Zoom is an online video communication platform that has features such as video conferencing, online meetings, chat, and mobile collaboration.
According to security researchers from Abnormal Security, more than 50,000 has been targeted. The campaign primarily targeted employees using Office 365.
With the campaign, the attacker impersonates Zoom by convincing the recipients to reach the fake landing page that mimics the notifications from Zoom.
The email contains a link with a fake login page “zoom-emergency.myftp[.]org” and the phishing domain hidden with the button such as “Join this Live Meeting”.
Once the victim enters the login credentials the details will be sent to the fake Zoom server controlled by attackers.
The email mimics as a reminder for meeting with HR regarding the termination, it creates a panic when the victims read the email, and hurriedly tries to join the meeting.
Threat actors crafted the email to be legitimate Zoom notification and the fake login also formatted like a legitimate meeting reminder commonly used by Zoom, reads Abnormal Security blog post.
“Frequent Zoom users would look at the login page, think their session has expired, and attempt to sign in again. They would be more likely to input their login credentials without checking the abnormalities in the phishing page.”
A Couple of days before a new Zoom flaw lets hackers record Zoom meeting sessions and to capture the chat text without the knowledge of meeting participants’ even though host disables recording option for the participants.
Cybercriminals continue to use the Coronavirus outbreak to launch various attacks such as malware, phishing, fraud, and disinformation campaigns.
In the current situation, most of the organization has been closed and the employees are provided with options to work from home. So the RDP and the video communication platforms are heavily targeted by attackers.
You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates.

source

You May Also Like

Modern Phishing Attacks; Fingerprints of Social Engineering

People are increasingly sharing their personal information online, thanks to the rapid…

Unpatched Address Bar Spoofing Flaw in UC Browser Exposes 600M Users to Phishing Attacks

An URL bar address spoofing vulnerability with the latest versions of UC…

The Biggest Phishing Scams of All Time

Nobody enjoys falling victim to one of the many online scams which…

Law enforcement Officers Busted Phishing Group That Uses 40 Websites to Steal Credit Card Data

On 22nd February 2022, Ukrainian Police officials arrested a group of threat…