Zoom users, 3 ‘dangerous’ emails you may get

Now that Zoom has become an integral part of working from home for most people, it has also become quite a favourite with cybercriminals. As per a report by enterprise security company Proofpoint, hackers are using emails to target the video conferencing tool's daily user base of more than 200 million.
The report details that there are primarily three types of emails that Zoom users should look out for. The first comes with the subject line “Zoom Account”, the second with the subject line “Missed Zoom Meeting”, and the third with “[Company] Meeting cancelled - Could we do a Zoom call?”
Here is a look at all of these in a little more detail:

Email subject line: Zoom Account

As per the researchers of Proofpoint, these kinds of phishing emails include a lure that claims to welcome users to their new Zoom account, putting the new joiners at risk.

These emails appear to be coming from an admin account and include a link. The people who receive this email are urged to click on the link in order to complete the activation process of their Zoom account. Clicking on this link will take users to a “generic webmail landing page” asking them to enter their credentials.

This medium-sized campaign has targeted energy, manufacturing, and business services in the United States, claims the report.

Email subject line: Missed Zoom Meeting

In this case, as per the Proofpoint report, recipients get an email claiming that they have missed a Zoom meeting. The email also includes a link that the email says can be used to “Check your missed conference”.

Just as it was in the aforementioned case, the link will take the recipient to a “spoofed Zoom page and ask for their Zoom credentials.”

Even though this is a small-sized campaign, these types of emails have targeted transportation, manufacturing, technology, business services and aerospace companies in the United States.

Email subject line: [Company] Meeting cancelled - Could we do a Zoom call?

This is a malware campaign that was carried out over several days and seeks to distribute the ServLoader/NetSupport remote access Trojans, claims the Proofpoint report.

The email thanks the recipient for their response to a fake RFQ (Request for Quotation). It also includes an attachment that appears to be about that discussion, and offers to have a call via Zoom.

If the recipient opens the attachment, they are prompted to enable macros. Once macros are enabled, a ServLoader PowerShell script is executed, “which in turn will install the NetSupport, a legitimate remote-control application that threat actors abuse.”

This is also found to be a small campaign that has targeted energy, manufacturing industrial, marketing/advertising, technology, IT and construction companies with ServLoader and the NetSupport remote access Trojans (RATs).
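
For mail administrators, the three lures above can be turned into a simple triage check. The following is an added example, not code from Proofpoint or from the article: it matches the three subject lines, lists links whose host is not a Zoom domain, and notes macro-capable Office attachments. The trusted host list, the extension list, the function names and the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.message import EmailMessage
from urllib.parse import urlparse

# Subject patterns for the three lures named in the article.
SUBJECT_LURES = {
    "zoom-account": re.compile(r"^\s*zoom account\s*$", re.I),
    "missed-meeting": re.compile(r"missed zoom meeting", re.I),
    "meeting-cancelled": re.compile(r"meeting cancell?ed\s*-\s*could we do a zoom call", re.I),
}
TRUSTED_HOSTS = ("zoom.us",)  # assumption: hosts accepted as genuine Zoom links
MACRO_EXTS = (".doc", ".docm", ".xls", ".xlsm")  # assumption: macro-capable types
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

def is_trusted(host):
    # Exact host or a true subdomain; "zoom.us.evil.example" does not pass.
    return any(host == t or host.endswith("." + t) for t in TRUSTED_HOSTS)

def triage(raw):
    """Return a list of findings for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    subject = msg.get("Subject", "")
    findings = ["subject:" + n for n, rx in SUBJECT_LURES.items() if rx.search(subject)]
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = (part.get_filename() or "").lower()
        if name.endswith(MACRO_EXTS):
            findings.append("macro-capable-attachment:" + name)
        elif part.get_content_maintype() == "text":
            body = part.get_payload(decode=True).decode("utf-8", errors="replace")
            for url in URL_RE.findall(body):
                host = (urlparse(url).hostname or "").lower()
                if not is_trusted(host):
                    findings.append("untrusted-link:" + host)
    return findings

def sample(subject, body, attachment=None):
    """Build a constructed test message (not real campaign data)."""
    m = EmailMessage()
    m["Subject"] = subject
    m.set_content(body)
    if attachment:
        m.add_attachment(b"constructed", maintype="application",
                         subtype="octet-stream", filename=attachment)
    return m.as_string()

if __name__ == "__main__":
    print(triage(sample("Zoom Account", "Activate: http://webmail.example/login")))
```

A lure subject on its own also matches genuine mail; it is the combination with an off-domain link or a macro-capable attachment that merits review.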