Akankasha Dewan, 03 September 2020 21:02:28 AEST

Beware: Zoom-themed phishing email scam intercepted

Video conferencing platform Zoom continues to be popular among cybercriminals looking to trick email users.

MailGuard has intercepted another phishing email masquerading as a Zoom meeting invitation. The email uses a display name of “Zoom IP”, along with the date. However, the email address in the “from:” field doesn’t use a domain belonging to Zoom. The email actually originates from an Amazon SES account. Its subject is simply the date and time.

The email is short and to the point, and addresses recipients using their email address. It informs recipients that they have received a video conferencing invitation, with a link provided to review it. The email ends with “Best, Team Zoom”.

Here’s what it looks like:



Unsuspecting recipients who click the link in the email are led to a fake Microsoft-branded login page and asked to “sign in to Zoom with your Microsoft 365 account”. Interestingly, this page is hosted on neither a Zoom nor a Microsoft domain, but on what appears to be a compromised Oracle Cloud hosting account, as shown below:


[Screenshot: the fake Microsoft-branded login page]

Once users enter their password and “sign in”, they are led to an error message informing them of a “sign in attempt timeout”.

[Screenshot: the “sign in attempt timeout” error message]

We strongly advise all recipients to delete these emails immediately without clicking on any links. Please share this alert with your social media network to help us spread the word around this email scam.

This is a good example of how cybercriminals are exploiting the uncertainty created by the recent COVID-19 outbreak and its implications for the way we communicate and work. With Zoom becoming an increasingly popular videoconferencing app among businesses, it is not uncommon for professionals to receive an email like this in their inbox, and some might click on it thinking it is a legitimate invitation to an upcoming business meeting. Here are a few ways in which cybercriminals have attempted to make this email look like an authentic notification:

  • the use of a display name like “Zoom IP”, along with a sign off from “Team Zoom” suggests the email is sent from an official source,
  • the inclusion of the date and day in the email’s display name and subject also places it in real-time and boosts its credibility, and
  • the inclusion of the Microsoft logo and its branding elements in the phishing pages further aims to convince users that the email is authentic.

Despite these techniques, eagle-eyed recipients of this email would be able to spot several red flags that point to the email’s inauthenticity. These include the fact that the phishing pages aren’t hosted on a Microsoft or Zoom domain, and that the email address used in the “from” field doesn’t use a familiar domain.
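The two red flags named above, a display name that invokes a brand the sender's domain does not belong to and a link hosted outside that brand's domains, can also be checked mechanically. The following is an added example, not MailGuard's code; the allow-list, the function names and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumption: a small illustrative allow-list, not a complete list of either brand's domains.
BRAND_DOMAINS = {
    "zoom": {"zoom.us", "zoom.com"},
    "microsoft": {"microsoft.com", "microsoftonline.com", "office.com"},
}

def host_in(host, domains):
    """True only if host is one of the domains or a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

def red_flags(raw_message):
    """Check a single-part, plain-text message for the two red flags above."""
    msg = message_from_string(raw_message)
    display, addr = parseaddr(msg.get("From", ""))
    sender_host = addr.rpartition("@")[2]
    body = msg.get_payload()
    flags = []
    # Flag 1: display name uses a brand, but the From: domain is not that brand's.
    for brand, domains in BRAND_DOMAINS.items():
        if brand in display.lower() and not host_in(sender_host, domains):
            flags.append(f"display name claims {brand}, sender domain is {sender_host}")
    # Flag 2: the message invokes a brand, but a link points somewhere else.
    claimed = [b for b in BRAND_DOMAINS if b in f"{display} {body}".lower()]
    allowed = set().union(*(BRAND_DOMAINS[b] for b in claimed))
    for url in re.findall(r"https?://[^\s\"'<>]+", body):
        host = urlsplit(url).hostname or ""
        if claimed and not host_in(host, allowed):
            flags.append(f"link host {host} is outside the {'/'.join(claimed)} domains")
    return flags

# Constructed sample modelled on the description above; every address and URL is a placeholder.
SAMPLE = """\
From: "Zoom IP 03 Sep 2020" <notify@mailer.example.net>
To: user@example.org
Subject: 03 Sep 2020 21:02

Hi user@example.org, you received a video conferencing invitation.
Review it: https://storage.example-cloud.test/zoom/login.html
Best, Team Zoom
"""

if __name__ == "__main__":
    for flag in red_flags(SAMPLE):
        print(flag)
```

The suffix match in `host_in` requires a leading dot, so lookalike hosts such as `zoom.us.example.net` or `notzoom.us` do not pass as Zoom domains.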

This practice of launching cyberattacks that are centered around ongoing trends isn’t anything new. Cybercriminals have long employed these tactics to take advantage of any disruptions and vulnerabilities, in the hope that users’ uncertainty and fear around new changes will get the better of them and that they will not pause to check the legitimacy of these emails.

Recently, we intercepted a similar phishing email that masqueraded as a Zoom meeting reminder, claiming that “your meeting attendees are waiting”.

We strongly advise being extra vigilant when you receive emails such as these and looking out for any tell-tale signs that might be suspicious.

As a precaution, MailGuard urges you not to click links within emails that:

  • Are not addressed to you by name.
  • Appear to be from a legitimate company but use poor English, or omit personal details that a legitimate sender would include.
  • Are from businesses that you were not expecting to hear from.
  • Take you to a landing page or website that is not the legitimate URL of the company the email is purporting to be sent from. 

Don't get scammed

If your company’s email accounts aren’t protected, emails like these are almost certainly being received by your staff. Cybercriminals know people can be tricked; that’s why they send out millions of scam messages and put so much effort into making them look convincing.

People are not machines; we're all capable of making bad judgement calls. Without email filtering protecting your business, it’s just a matter of time before someone in your organisation has a momentary lapse of judgement and clicks on the wrong thing.

One email is all that it takes

All that it takes to break into your business is a cleverly-worded email message. If scammers can trick one person in your company into clicking on a malicious link they can gain access to your data.

For a few dollars per staff member per month, you can protect your business with MailGuard's predictive and advanced email security.

Talk to a solution consultant at MailGuard today about securing your company's network.
