cookiecas.blogg.se

Fake zoom call







Clicking “start meeting” is a daily routine for employees. Most organizations use Zoom all the time. Researchers revealed a Zoom phishing attack on a major North American online brokerage company on 25 August 2022, in which a victim begins a legitimate Zoom session only to have their Microsoft credentials hijacked after landing on a fake Microsoft Outlook log-in screen.

A study found that email attacks clone workflows that most people use every day.

Since the early summer of 2020, most of those imperfections have been fixed or mitigated, but newer issues have arisen on occasion. Pranksters and bored teenagers could, and occasionally still do, “Zoom bomb” public meetings with shocking or rude content. Other Zoom meeting participants could learn a lot about you. Zoom’s end-to-end encryption, for instance, was not quite that. An expert review of its security and privacy practices revealed some concerning findings. A Tom’s Guide article researched and described the problems Zoom has experienced in the past.

Therefore, it is very easy for the victim to fall prey to it. The spoofed websites and spoofed emails look nearly identical to the legitimate pages of Outlook and Microsoft Office 365. Similarly, hackers use a malicious link to redirect victims to a fake login page hosted on a compromised server. This is done to bypass URL reputation checkers and remain undetected. This is unreadable to humans and automated security tools.


Further, the HTML, JavaScript, and PHP code is encoded. Hackers use a fake attachment that leads to a login page hosted locally on the recipient’s computer rather than on the internet. Moreover, the attackers use techniques such as obfuscation to make it very difficult for security systems to detect phishing pages. These Zoom phishing attacks aim to steal credentials for services like Outlook and Office 365 by directing the user to spoofed login pages.

Credential Harvesting is Their Aim in Zoom Phishing Attacks

It is very difficult for Secure Email Gateways (SEGs) to catch them due to the legitimacy attached to the domain names used by these threat actors. Additionally, some phishing emails also used new email domain names such as zoomcommunicationscom or zoomvideoconferencecom. The display name in the email headers shows “Zoom – This makes it appear as if it is genuinely from Zoom.

Along with this, most of the email domains used came from legitimate but compromised accounts.

Zoom Phishing Attacks Email Format (Source: Bleeping Computer)


The victims receive emails saying that Zoom has undergone a server upgrade, prompting them to verify their account if they want to continue making or receiving calls through this app.
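The sender traits described above (a “Zoom” display name on a non-Zoom mailbox, brand-bearing new domains, and HTML attachments that open locally) can be checked at the mail gateway or in a triage script. The sketch below is an added example, not code from the original article; the trusted-domain list, the function names and every sample address are assumptions constructed for illustration.

```python
from email import message_from_string
from email.message import EmailMessage
from email.utils import parseaddr

# Assumption: sender domains this organisation accepts as genuine Zoom mail.
TRUSTED_ZOOM_DOMAINS = {"zoom.us", "zoom.com"}

def is_trusted(domain):
    return any(domain == d or domain.endswith("." + d) for d in TRUSTED_ZOOM_DOMAINS)

def findings(raw_message):
    """Return the list of phishing indicators found in one raw RFC 5322 message."""
    msg = message_from_string(raw_message)
    display_name, address = parseaddr(msg.get("From", ""))
    domain = address.rpartition("@")[2].lower()
    hits = []
    # Display name claims Zoom, but the mailbox belongs to some other domain
    # (covers legitimate-but-compromised accounts, which pass reputation checks).
    if "zoom" in display_name.lower() and not is_trusted(domain):
        hits.append("display-name-mismatch")
    # Domain merely contains the brand, e.g. a newly registered lookalike.
    if "zoom" in domain and not is_trusted(domain):
        hits.append("lookalike-domain")
    # HTML attachments open from local disk, so URL reputation never sees them.
    for part in msg.walk():
        filename = (part.get_filename() or "").lower()
        if filename.endswith((".htm", ".html")):
            hits.append("html-attachment")
            break
    return hits

def build_sample(from_header, attach_html=False):
    """Constructed test message; every address and domain here is made up."""
    m = EmailMessage()
    m["From"] = from_header
    m["Subject"] = "Zoom server upgrade: verify your account"
    m.set_content("Verify your account to keep making and receiving calls.")
    if attach_html:
        m.add_attachment("<html><body>placeholder</body></html>",
                         subtype="html", filename="Verify.html")
    return m.as_string()

if __name__ == "__main__":
    for sender, html in [("Zoom <billing@compromised-shop.example>", True),
                         ("Zoom <alerts@zoom-verify.example>", False),
                         ("Zoom <no-reply@zoom.us>", False)]:
        print(sender, "->", findings(build_sample(sender, html)))
```

Because the display-name check keys on the mailbox domain rather than on domain reputation, it still fires when the message comes from a legitimate but compromised account.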







