The presence of a subject line informing users that their “meeting attendees are waiting” serves to intrigue while also creating a sense of alarm & urgency, motivating users to click on the links in the email without pausing to check for their credibility.The inclusion of the date and day in the email’s display name and subject also places it in real-time and boosts its credibility. The use of a display name like “Zoom IP” suggests the email is sent from an official source.Here are a few ways how cybercriminals have attempted to make this email look like a legitimate notification: With Zoom increasingly becoming a popular videoconferencing app among businesses, it is not uncommon for professionals to receive an email like this in their inbox who might click on it thinking it is a legitimate invitation for an upcoming business meeting. This is a good example of how cybercriminals are leveraging on the uncertainty posed by the recent COVID-19 outbreak and its implications on the way we communicate and work. Please share this alert with your social media network to help us spread the word around this email scam. We strongly advise all recipients to delete these emails immediately without clicking on any links. After a few seconds, they are redirected to the legitimate Zoom homepage. Upon “logging in”, another message appears, telling users to verify their password due to a “sign in attempt timeout”:Īfter inserting their password a second and third time, users are led to another page informing them that “this video conferencing has been cancelled”. Interestingly, this page is not hosted either on a Zoom or a Microsoft domain, as per the below: Unsuspecting recipients who click on the email are led to a fake Microsoft-branded login page, and asked to “sign in to Zoom with your Microsoft 365 account”. A button is provided to “review invitation”. The body of the message is addressed to the email address displayed in the “to: field”, and informs recipients that they have received a video conferencing invitation. The scam actually originates from an Amazon Simple Email Service address which is unique to every email sent. Using a display name of “Zoom IP Monday, August 24, 2020”, the email is titled “Reminder: Your meeting attendees are waiting. MailGuard intercepted a phishing email scam masquerading as a Zoom meeting reminder that aims to trick users into handing over their confidential details.
With more businesses implementing remote working policies for their employees in light of the COVID-19 crisis, the usage of popular videoconferencing apps like Zoom is rising – and cybercriminals are using this spike to their advantage.
0 kommentar(er)
