Cybersecurity researchers at UK-based Sophos have revealed hackers are now targeting people across the world with sending emailed with links to fake Zoom HR and payroll discussion video meetings to steal your personal and other credentials.
Scammers have turned to employment worries as their latest lure for Zoom phishing scams and researchers from the ‘Naked Security’ team at SophosLabs witnessed several examples of such phishing emails, with subject line saying “You are invited to join the q2 meeting”.
“This is a reminder that your scheduled Zoom meeting with Human Resources and Payroll Administrative Head will start in few minutes. Your presence is crucial to this meeting and equally required to commence this Q1 perfomance review meeting. Join this Live Meeting,” says one such bogus Zoom message.
“The subject lines, message layout and meeting descriptions vary slightly, but the basic idea is the same,” revealed the cybersecurity team.
There is the link in the Zoom message and once you click it, you will be directed to a portal with a login window that looks similar to video meet app Zoom.
“The phishers probably don’t care what password you enter as long as it’s a valid one they can use on one of your accounts, but you’ll notice they’ve put the suggestion text Email Address Password into the password field instead of just Password as you see on Zoom’s page,” explained Sophos.
“Remember that access to your email account is likely to be worth a lot more to the crooks than your Zoom account would be, for the important reason that your email account is probably the way you go about doing password resets for many of your other accounts”.
Whatever you enter as password on the fake site, you will end up redirected to a genuine and vaguely relevant Zoom help page, as though something went wrong and you should simply try again.
“In this way, the crooks don’t need to simulate a successful login or to pretend that your login failed – they just leave you in one of those ‘I wonder what happened there’ moments where your inclination is simply to go back and start over,” said the researchers.
By the time you see the genuine Zoom help page, the email address and the password you entered have already been posted to the crooks instead of sent to Zoom.
“If someone else is inviting you to a meeting, you shouldn’t need to login to Zoom first, given that they’re hosting. Don’t login after clicking links in emails,” advised the team.
Zoom was yet to comment on the report.
Enable two-factor authentication if you can. Zoom supports 2FA, based on one-time codes generated by an app on your phone, and most email services do, too.
“If you were phished, change your password at once. Even if you fall for a phish at first, many phishes are obvious after you put in your password because you don’t end up where you should and the deception stands out,” said the Sophos team.
If you have an interesting article / experience / case study to share, please get in touch with us at firstname.lastname@example.org