Crooks are trying to add some credibility to their phishing attacks by referencing the popular video-conferencing tool.
Cyber criminals are trying to trick Zoom users as the video-conferencing platform surges in popularity as a result of the coronavirus pandemic forcing people to work and socialize remotely. March saw the number of daily Zoom meeting participants reach over 200 million, compared to 10 million in December, as people turn to the platform as a means of helping to adjust to life during the COVID-19 outbreak. In many cases, it's being used by people who are working remotely for the first time.
But Zoom's sudden growth in popularity hasn't gone unnoticed and cyber criminals are increasingly targeting users of the platform. According to data from cybersecurity company BrandShield, the number of domains containing the word 'Zoom' hugely increased during March, with hundreds appearing every day by the end of the month. As many as 2,200 new 'Zoom' domains were registered in March alone, taking the total to over 3,300.
Researchers note that almost a third of these new websites are attached to an email server, which points towards the possibility that they're being used in phishing attacks to harvest login credentials from unwary users. With remote workers expecting to be sent invites to Zoom conference calls, it's providing opportunities for attackers to send phishing emails containing links to phoney login pages that aim to steal the usernames and passwords entered – something that attackers could exploit to gain access to corporate accounts and to conduct further attacks.
"With global businesses big and small becoming increasingly reliant on video-conferencing facilities like Zoom, sadly, cybercriminals are trying to capitalise," said Yoav Kren, CEO of BrandShield. "Businesses need to educate their employees quickly about the risks they might face, and what to look out for. The cost of successful phishing attacks is bad for a company's balance sheet in the best of times, but at the moment it could be fatal."
Coronavirus has become a key lure used in cyberattacks; not only are attackers using fake domains, but the subject has become highly common in phishing attacks. Messages claiming to be from healthcare professionals, logistics providers and others are being used in efforts to steal financial information, install malware and to commit other cyberattacks.