Zoom in – and double-check

We have not just got one new virus to watch out for. Last month, hackers and cybercriminals rushed to register 2,200 new ‘Zoom’ domains, taking the total to over 3,300 fake Zoom websites, according to data from the cybersecurity company BrandShield.

Hundreds of domains containing the word ‘Zoom’ appeared on a daily basis at the end of March.

What should that tell us all? It is a stark reminder that before you click, always check the link!

Zoom in – and double-check
When you hover the mouse over the link without clicking, you’ll see which address it is pointing to. Make sure it is the one you expected to see, and watch out for tricky alterations of the spelling – such as ‘zooom’ spelled with three o’s, or ‘zoorn’ with an ‘r’ and an ‘n’ pretending to be an ‘m’.
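The same check can be automated, for instance in a mail filter or a link-review script. The Python code below is an added example, not part of the original article: it assumes zoom.us is the only genuine domain, its function names and sample links are constructed for illustration, and it goes slightly beyond the two tricks above by also treating a digit ‘0’ as an ‘o’.

```python
import re
from urllib.parse import urlsplit

# Assumption for this example: zoom.us is the only domain treated as genuine.
TRUSTED_DOMAINS = {"zoom.us"}
BRAND = "zoom"


def normalise(text: str) -> str:
    """Undo the spelling tricks so a lookalike reads the same as the brand."""
    text = text.lower()
    text = text.replace("rn", "m")  # 'zoorn' -> 'zoom'
    text = text.replace("0", "o")   # 'z00m'  -> 'zoom' (digit swap, added here)
    return re.sub(r"(.)\1{2,}", r"\1\1", text)  # 'zooom' -> 'zoom'


def classify_link(url: str) -> str:
    """Return 'trusted', 'lookalike', 'unrelated' or 'invalid' for a link."""
    try:
        # hostname ignores any 'user@' part, which a link can use as a decoy.
        host = (urlsplit(url).hostname or "").rstrip(".")
    except ValueError:
        return "invalid"
    if not host:
        return "invalid"
    # Only the genuine domain itself and its subdomains are trusted.
    if any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS):
        return "trusted"
    # Any other host that reads as the brand after normalising is a lookalike.
    if BRAND in normalise(host):
        return "lookalike"
    return "unrelated"


# Constructed sample links, not taken from any real campaign.
SAMPLES = [
    "https://us02web.zoom.us/j/123456789",
    "https://zooom.example/j/123456789",
    "https://zoorn-meeting.example/login",
    "https://zoom.us.example.net/signin",
    "https://zoom.us@login.example/j/123456789",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(f"{classify_link(url):10} {url}")
```

A result of ‘unrelated’ does not mean the link is safe, only that the host does not imitate the brand name; the last sample shows a link that displays ‘zoom.us’ but points somewhere else entirely.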

With millions of people now working from home, cybercriminals have been fast to exploit the new ‘market’. The video conference platform Zoom hosted around 10 million meetings in December. Just four months later, in March 2020, that number had exploded to 200 million due to the coronavirus outbreak. People turn to video platforms such as Zoom and Jitsi to stay in touch during the nation-wide coronavirus lockdown.

Fatal phishing attacks
Yoav Kren, CEO of BrandShield, told ZD Net that cybercriminals are trying to capitalise on global businesses becoming reliant on the video-conferencing facilities.

“Businesses need to educate their employees quickly about the risks they might face, and what to look out for. The cost of successful phishing attacks is bad for a company’s balance sheet in the best of times, but at the moment it could be fatal,” he said.

Fake login pages
What happens if you click on a fake link in the expectation that it will take you to a Zoom conference call? You could instead land at a fake login page that aims to steal your username and password as soon as you have entered them. Cybercriminals exploit this to gain access to corporate accounts and to conduct further attacks.

Almost a third of the over two thousand new fake Zoom websites that were registered in March were attached to an email server, the researchers found. This points towards the possibility that they are being used in this type of phishing attack, where login credentials are harvested from unwary users.

A clear message to employees about IT security
We have produced a series of cartoon videos and an e-learning course to give employees a good understanding of the situation and how hackers and IT criminals are taking advantage of the corona crisis. The messages to the employees include:

• Hackers and IT criminals take advantage of the crisis situation, so pay extra attention to what you click on
• Be very careful about using your personal computer, tablet and mobile for work purposes
• If you use free or public wi-fi connections: Remember the general advice that it can be extremely risky
• Regulations about personal data also apply in the home workplace: Personal data must be handled with care and attention – just like at the workplace

Have a look
• For more information have a look here

• Call us on 0450 016 834 or
• Send an email to info@humouragainsthacking.com.au
if you would like to hear more and to see the e-learning course with video, quiz and articles.


Find out more

→ ABC News / MSN – 9 April 2020:
Cybersecurity expert outlines key tactics used by hackers
“Nick Abrahams, global head of technology and innovation at Norton Rose Fulbright Australia explains how businesses can protect themselves from an emergence of COVID-19-related scams.”

→ ABC News – 3 April 2020:
Coronavirus working arrangements have seen Zoom downloads soar, but some users are wary of security flaws
“Zoom has had a surge in popularity during the coronavirus pandemic, but some businesses are backing away from the videoconferencing app over concerns about security flaws.”

→ Information Age – 2 April 2020:
Thousands of potential phishing sites created to target Zoom users as usage soars — BrandShield
“BrandShield, the cyber solutions company, has today warned that cybercriminals are increasingly targeting Zoom users with phishing.”

→ ZD Net – 2 April 2020:
Cyber criminals are trying to exploit Zoom’s popularity to promote their phishing scams
“Crooks are trying to add some credibility to their phishing attacks by referencing the popular video-conferencing tool.”

→ See also: In the midst of a virus crisis: Focus on IT security when working from home