Threat Watch

Hackers Sending Fake Zoom Links Attempting to Steal Information

Although this specific instance doesn’t involve issues on Zoom’s side, it is still affecting their users. Abnormal Security discovered a campaign that involves attackers sending fake Zoom links through email in an effort to steal personal information and account credentials. The attackers are preying on the fear of people losing their jobs by sending Zoom meeting reminders with HR to discuss the termination of the recipient. The email includes the fake Zoom link which will actually take the target to a phishing site set up to look like the Zoom login page. Researchers believe that this scam has already made its way into nearly 50,000 inboxes.

ANALYST NOTES

Users should be cautious when opening links that require login. Always double-check the sender’s address and if the address is unfamiliar, the link should not be followed. Carefully inspect the web address of the login page before entering any passwords. The fake login page for this campaign was hosted at “zoom-emergency.myftp[.]org,” not the official “zoom[.]us” domain. Receiving suspicious emails that have a link purporting to be from Zoom or any site can be verified by simply going to the legitimate site using a bookmark or typing in the known website address and logging in that way.

Source: https://sea.mashable.com/tech/10274/double-check-those-zoom-meeting-invites-hackers-are-faking-them-to-steal-your-info?&web_view=true

Abnormal Attack Stories: Zoom Phishing