Hot Topics
Security Bloggers Network 
SBN

Threat Alert: Zoom Impersonated for Phishing Attacks

by Rishi Khemani on February 15, 2021


Phishing attacks rose 220 per cent during the height of the Covid-19 pandemic compared to the yearly average

-Gulf Business

Ever since the pandemic hit the world, businesses have made adjustments to keep the ball in motion. Remote work culture has dominated the world in these times of massive lockdown. Video conferencing apps like Zoom became a popular medium for daily meetings to discuss the plans of action and everyday work developments.

 

The popularity of Zoom has also turned it into one of the cyber criminals’ most lucrative tools for exploiting innocent individuals. Perpetrators have been using emails to trap their victims using the name of this app to launch phishing attacks on unsuspecting users. 

 

Phishing Attacks Use Zoom’s Name

The victims receive emails saying that Zoom has undergone a server upgrade, prompting them to verify their account if they want to continue making or receiving calls through this app. The display name in the email headers shows “Zoom – no-reply@zoom[.]us”. This makes it appear as if it is genuinely from Zoom. 

 

Along with this, most of the email domains used came from legitimate but compromised accounts. Additionally, some phishing emails also used new email domain names such as zoomcommunications[.]com or zoomvideoconference[.]com. It very difficult for Secure Email Gateways (SEGs) to catch them due to the legitimacy attached with the domain names used by these threat actors.

 

Credential Harvesting is Their Aim

These phishing attacks aim to steal credentials to services like Outlook and Office 365 by directing the user to spoofed login pages. Moreover, the attackers are even using techniques like obfuscation to make it very difficult for security systems to detect the phishing pages.

 

Hackers use a fake attachment that leads to a login page that is locally hosted on the recipient’s computer and not on the internet. Further, the HTML, JavaScript and PHP code is encoded. This is unreadable to humans and automated security tools. This is done to bypass URL reputation checkers and remain undetected.

 

Similarly, hackers use a malicious link to redirect the victims to a fake login page which is hosted on a compromised server. The spoofed websites look very identical to the legitimate login pages of Outlook and Microsoft Office 365. Therefore, it’s very easy for the victim to fall prey to it.

 

How Can You Identify a Phishing Email

Phishing attacks have evolved over time and have become even more complex to differentiate from legitimate emails. The cost of recovery from a successful phishing attack that results in credential harvesting can be huge. Some measures to detect phishing attacks are mentioned below-

 

  1. Check the email domain name – You should check the name and email address of the sender very carefully. The domain name of a legitimate sender would look like abc@company[.]com. However, a phishing email would contain a sender id which would say abc@commpany[.]com or abc@companny[.]com. 

     

  2. Be wary of requests for sensitive information – The purpose of phishing attacks is to harvest sensitive information from the victims. A legitimate email would never ask you to send such information through email. Therefore, this is a major red flag when it comes to detecting phishing emails.

     

  3. Check the content of the email – Typically, a phishing email would contain numerous spelling mistakes and grammatical errors. Legitimate emails from companies will never contain such mistakes as they have dedicated teams of employees who write emails on their behalf. It’s better to check for the genuineness of the sender if the email body contains any spelling mistakes or grammatical errors.

     

  4. Check for suspicious links – Phishing emails come with a gateway. It can be in the form of redirection to a fake website or an attachment that needs to be downloaded. Genuine companies never ask you to download any such attachments or click any such links.

     

  5. Check for free offers or coupons – Phishing emails usually contain offers that sound very attractive. The objective is to make the victim click on the link for availing the offer. This starts the process of redirecting the victims to a bogus website or getting them to download a malicious attachment. 

 

 

Measures to Prevent Phishing Attacks

Threat actors have found ways to evade the barriers of spam filters and land their phishing emails in the inboxes of the recipients. Some ways to prevent phishing are mentioned below-

 

  1. Use awareness training tools like ThreatCop for creating cyber security awareness among employees. Moreover, this tool can provide the organization with handy information about the status of their employees in terms of cyber vulnerability. Along with this, it also provides employees with useful awareness training at the end of the campaign.

     

  2. Use Multi-Factor Authentication (MFA) to add an extra layer of protection. This can enhance the security of sensitive information. Moreover, MFA is a very user-friendly defense mechanism for the end user. Along with this, MFA comes with Single-Sign-On (SSO) solution. It helps in prevention of losing data due to password misplacement.

     

  3. Use Phishing Incident Response Tools like Threat Alert Button to secure the organization from emails from suspicious domains for the future. It removes reported malicious mails directly from the user’s inbox.

     

  4. Back up your data on an external hard drive to prevent potential loss of money due to ransomware.

     

  5. Encrypt all the sensitive information possessed by the organization about clients and their systems.

     

  6. Implement KDMARC to secure your domain against forgery and misuse. Limiting phishing attacks that use your organization’s domain can save the organization’s reputation and client relationships.

     

  7. Conduct VAPT to test the organization for vulnerabilities and upgrade the systems accordingly to satisfy the standard of cyber security required.

 

“If you’re proactive, you focus on preparing. If you’re reactive, you end up focusing on repairing.”

 

-John C Maxwell

 

Malicious actors are now equipped with newer technology and methods to carry out phishing attacks. However, if people are careful and smart enough to spot such emails, the damage from these attacks can be prevented. 

 

Turn Your Employees Into A Cyber Threat Shield

Make your employees proactive against prevailing cyber attacks with ThreatCop!

Get Free Phishing Simulation

The post Threat Alert: Zoom Impersonated for Phishing Attacks appeared first on Kratikal Blog.

*** This is a Security Bloggers Network syndicated blog from Kratikal Blog authored by Rishi Khemani. Read the original post at: https://www.kratikal.com/blog/threat-alert-zoom-impersonated-for-phishing-attacks/

Rishi Khemani , , , , , , ,