Cybercriminals are still using Zoom and other conferencing platforms as phishbait, according to Zlati Meyer at Fast Company. This phishing theme isn’t likely to let up any time soon, so employees need to know how to recognize these scams.
“The bait is decorated with the Zoom logo and sent via text, email, or social media message to say that your account has been suspended (but can be reactivated by clicking on the attached link), that you missed a meeting (but can click on the link to find out the details and schedule), or that Zoom is welcoming you (but you need to click on the link to activate your account), according to the Better Business Bureau,” Meyer writes. “Of course, the link does none of those things and instead downloads malware to your computer or mobile device or takes you to a login page where you need to enter your login and password, which lets the thieves gain access to other accounts with similar combinations.”
Edgar Dworsky, founder of Consumer World, told Fast Company that this trend isn’t surprising, since scammers always capitalize on what’s popular at the moment.
“For people who are in this business of doing phishing schemes, it becomes the scam du jour,” Dworsky said. “What’s popular now? How can I capitalize on something that’s in people’s minds, that they use? The timeliness and popularity is something they look for.”
Dworsky added that scammers exploit the fact that Zoom notifications are something people have to pay attention to for their jobs.
“They create a sense of urgency, because they know you have some upcoming meeting and need to fix this,” Dworsky said. “With any one of these phishing scams, you have to look before you click. The relevance lends credence to the fact that that’s legit.”
New-school security awareness training with realistic, up-to-date phishing simulations can help your employees recognize social engineering tactics.
Fast Company has the story.