A new zoom phishing campaign observed asking recipients to join a zoom meeting that threatens employees that their contracts will be either suspended or terminated.
The recipients are presented with a fake Zoom login page that asks recipients to input the login credentials.
Zoom is an online video communication platform that has features such as video conferencing, online meetings, chat, and mobile collaboration.
Zoom Phishing Campaign
According to security researchers from Abnormal Security, more than 50,000 has been targeted. The campaign primarily targeted employees using Office 365.
With the campaign, the attacker impersonates Zoom by convincing the recipients to reach the fake landing page that mimics the notifications from Zoom.
The email contains a link with a fake login page “zoom-emergency.myftp[.]org” and the phishing domain hidden with the button such as “Join this Live Meeting”.
Once the victim enters the login credentials the details will be sent to the fake Zoom server controlled by attackers.
The email mimics as a reminder for meeting with HR regarding the termination, it creates a panic when the victims read the email, and hurriedly tries to join the meeting.
Threat actors crafted the email to be legitimate Zoom notification and the fake login also formatted like a legitimate meeting reminder commonly used by Zoom, reads Abnormal Security blog post.
“Frequent Zoom users would look at the login page, think their session has expired, and attempt to sign in again. They would be more likely to input their login credentials without checking the abnormalities in the phishing page.”
A Couple of days before a new Zoom flaw lets hackers record Zoom meeting sessions and to capture the chat text without the knowledge of meeting participants’ even though host disables recording option for the participants.
Cybercriminals continue to use the Coronavirus outbreak to launch various attacks such as malware, phishing, fraud, and disinformation campaigns.
In the current situation, most of the organization has been closed and the employees are provided with options to work from home. So the RDP and the video communication platforms are heavily targeted by attackers.