Be Aware of Zoom Phishing Scams

Late last year, video conferencing platform Zoom hosted around 10 million users - a pretty decent number for a service not many people knew existed. Fast forward to the COVID-19 pandemic currently burning through the globe and keeping people home, Zoom's user base has exploded to over 200 million users. That's a massive increase, and as with all things that attract that many people, expect an army of cyber attackers wanting a piece of the action.

It's no secret that cybercriminals follow the herd because that's where the money is. With Zoom experiencing record-breaking numbers, the scammers are out in full force, trying to trick users into giving up their login credentials or force them to download malware.

Hackers Are Impersonating Zoom on an Unprecedented Scale

According to a report by Check Point Research, hackers have registered more than 2,449 Zoom-related domains from late April to early May this year. Researchers were able to determine that 32 of those domains were outright malicious, and 320 were deemed "suspicious." Cybercriminals are wreaking havoc by using email to launch phishing emails meant to steal Zoom credentials and spread malware. Scammers would run phishing attacks that sent official-looking emails with a button to "open" the Zoom app, but was malware that would download itself once clicked.

Zoom attacks are targeting everyone, but most of the incidents involved individuals and businesses related to telecommunications, manufacturing, transportation, and the government. 

What to Look Out For

When it comes to Zoom scams, there are three emails you should watch out for.

1. The first email has a "Zoom Account" in the subject line and includes a welcome message for new users with new accounts. Scammers persuade users to click on a link to activate their Zoom account by entering their login credentials on a fake website controlled by the criminal, who will then collect and steal it.

2. The second email uses the subject line "Missed Zoom Meeting," informing you that you missed a meeting. The message will have a link that says, "Check your missed conference," that will take you to a fake website where you need to enter your details.

3. The third email is a campaign that targets manufacturing, energy, IT, construction, marketing, technology, and other industrial firms with malware, not phishing. The email subject lines include "Meeting Canceled - Could we do a Zoom call," wherein attackers are trying to gain access to computer files, personal information such as usernames and passwords, and credit card details.

There's another email to look out for, but it's aimed specifically at users in the US. They work in aerospace, technology, energy, healthcare, transportation, accounting, telecommunications, manufacturing, and government. This email isn't Zoom-related but uses a popular alternative Cisco WebEx.

Recommended Actions

As the number of Zoom-related attacks continues to rise, you need to remain vigilant and follow proper cyber hygiene practices.

• Take caution when opening emails from people not in your contacts or from those you do not recognize. When in doubt, verify the person with background check to see if the account holder is someone you know and contact him or her directly using the information you get from the background report. Please do not reply to the email you received or forward it to anyone else.
• Do not click any links or download files on an email from unknown senders and any correspondence that you weren't expecting. Always check the sender's details and the embedded URL by hovering (do not click) your mouse over the sender's email address and any links included.
• Ensure that your operating system (OS) and all programs installed on your device are updated with the latest security patches.
• Use strong and unique passwords for every account. Never use the same password twice. If you can use different usernames for each account, go for it. Using a password manager that can auto-generate a robust password is recommended. Alternatively, you can also use a string of three to four random words combined with two numbers.
• The only official domains for the Zoom platform are zoom.us or zoom.com. Everything else is a fake. Check for spoofed domains that sound like the real thing when you read it, such as zooom.us.

The Risks of Stolen Zoom Account Credentials

Stolen Zoom account credentials can act as a gateway that can unlock other online accounts such as personal or corporate email and social media. Nothing is safe when the target uses the same username/password combination for all his or her accounts and doesn't enable multi-factor authentication according to cybersecurity statistics. Stolen credentials can also be sold on the black market.

For the most part, these phishing scams give hackers free rein on a company's network if they can steal login credentials to provide them with an all-access pass to corporate files. They could also plant malware on a file server so that anyone who opens it will spread the infection.