Thanksgiving along with its merry brought numerous warnings of phishing attacks pretending to be Zoom meeting invites. Hosted on various landing pages, researchers learned that user credentials of thousands of user credentials have already been siphoned off by the attack.
With a lot of people hosting virtual thanksgiving in the USA, while people in other countries conducting Zoom meetings, as usual, Thanksgiving gave a prime opportunity for cybercriminals to perform attacks using zoom invites.
After receiving information on such attacks, researchers have shared more details on it.
This phishing attack pretends to be a Zoom meeting invites stating “You received a video conference invitation,” with a link that can be clicked on to review it, as shown below.
Clicking on the link opens a fake Microsoft login page which is hosted on google’s appspot.com domain. The page will automatically have the targeted user’s email address inputted into the phishing landing page and prompting the user to enter their password.
When their respective passwords have been used by the users, the phishing page will log the victims’ email addresses, passwords, IP addresses, geographic location, and whether the login credentials could successfully login to the email account.
As the credentials are entered by the users, these pages are verifying them by attempting to log into their accounts via IMAP.
This phishing attack has approximately stolen more than 3600 unique email addresses. However, with the number of landing pages that are utilized in this attack, the number could be even bigger than expected.
Our internal experts suggest that everyone should be cautious when they receive a Zoom invite during any festivities. If any invites resemble the phishing emails as shown above or if an invite requests you to enter login credentials then one must immediately stop and close the web page.
Clicking on a Zoom invite link should open the app, not bring you to another web page asking you to log in. One should immediately contact their organization’s administrator and change their password if anyone has fallen for this or this kind of an attack.
Cyberattacks are commonly conducted on the holidays when defenses are down, and staff is limited. Hence, it is advised to stay extra vigilant during the festive times.
To read more, please check eScan Blog
