How Hackers are Impersonating Video Conference Software for Phishing Attacks?
Cybercriminals always wait for loopholes so that they can exploit user’s private and professional data through phishing techniques.
In COVID-19 pandemic they are again tailoring attack methods to take advantage of fear streaming between remote workers through new phishing campaigns and video conferencing scams.
So in this article, we are going to discuss how the hackers impersonating video conferencing software or services for a phishing attack?
According to US-based intelligence research firm Check Point Research, hackers have registered thousands of domains that constitute ZOOM, Microsoft Teams, and Google Meets. Because there are lots of official users significantly using these videoconferencing services during the COVID-19 pandemic.
How Cybercriminals Impersonating ZOOM, Microsoft Teams, and Google Meets for Phishing Scams?
To control the spread of the coronavirus now, the company authorizes their employee to start working from home and they using video conferencing apps like ZOOM, Microsoft Teams, Google Meet, and Skype to attend their meetings.
But according to Check Point Research, there are around 2500 new ZOOM related domains that were registered in April, and 32 of them are malicious which 1.5 % of overall registered domains are. Also, 320 domains are suspicious which 13% of overall registered ZOOM related domains are.
But ZOOM is not the only video conferencing service where hackers are impersonating phishing scams. Video conferencing app like Microsoft Teams and Google Meets also has been used as a lure to victims.
The phishing emails are the same as authentic emails with a subject like you have been added to a team in Microsoft Teams. But the emails contained a malicious URL and if you clicked on the URL, then you are ended up with downloading malware in your system.
Also Read: Is Employee Monitoring Software a Good Idea for Business Productivity?
Also, there are fake Google Meets domains like googlemeet.com that were registered on April 27, 2020, according to the report of Check Point Research.
After seeing this, all the big cybersecurity agencies and giant tech companies have warned of huge spikes in COVID-19 fraud. Whereas, Check Point Research is not only in this revelation.
Google also has reported that more than 18 million daily malware and phishing emails related to COVID-19 scams were sent via Gmail alone in just one week of April.
World Health Organization Scamming Spams
Not only Zoom, Microsoft Teams, and Google Meets video conferencing scams are a lure for the victim. Hacker also using spam emails in the name of WHO with the subject like an Urgent letter for the WHO.
Check Point Research also said that they found two examples of extortion emails sent by the United Nation and WHO asking for the donation and the link in the email is redirecting “several knowns compromised” bitcoin wallets.
After this WHO has released an entire page mentioned below on the topic of COVID-19 hackers and scammers.
Beware of criminals pretending to be WHO
How to Stay Protected Against any Phishing Scams?
To protect yourself from video conferencing scams and from phishing attack is not so hard. Simply stay focused while clicking on any suspicious emails or communication from a familiar brand or organization.
Moreover, if you want to stay protected from any phishing attack and want to keep your data safe then follow these rules which are listed below.
- Always be aware of the same lookalike domains and check the spelling of the specious URL to authenticate the domain.
- Be careful with file received via Email from unknown sources especially if they are asking for a certain action to do.
- Do not reuse your password between two different applications and accounts.
- If you are getting and team meeting emails or request through any video conferencing service, then first, authenticate those emails with your administrative team.
- Always practice webcam awareness and always remember to turn off the camera when your call ends. Here are the steps to turn off the camera.
For Mac Machine- Open Safari Browser >> Menu >>Preferences>> Choose camera option and click on the Deny Camera Access for all sites.
For Windows Machine- Click on Start Menu >>Search Control Panel >> Hardware >> Sound >> then Device Manger >> Choose Imaging Device >> Select Webcam >> Choose Driver tab and select Disable option.
For iPhone and iPad- Go to settings >> App >> Privacy >> Camera >> Now, turn off camera for selected apps or for all apps.
For Android Phones- Settings>> Apps >> Select Camera >> permissions >> click on Disable button.
- If you want to secure your privacy, then never use an open virtual meeting space. Because It makes it too easy for cybercriminals to join in meetings.
If you want to know more about cybersecurity threats and video conferencing scams, then read the below mention article.
Also Read: How to handle cyber threats using these security guidelines?
Cybercriminals are not going to stop their exploitation task and our miner mistake can create a big problem for us like video conferencing scams. So always be careful while using any internet service or application because day by day hackers becoming more knowledgeable and hackers are increasing impersonating video conference software.