As people have been forced to work from home due to the coronavirus outbreak, there’s been a surge in the use of virtual meeting programs to stay in touch with colleagues and co-workers. Cybercriminals have been happy to exploit all aspects of the coronavirus, and that includes this move toward remote working. A new phishing campaign spotted by Abormal Security takes advantage of the popularity of Zoom to try to capture account credentials of unsuspecting users.
Mimicking a real Zoom notification, the initial phishing email tells recipients that they’ve recently missed a scheduled meeting. The email contains a link that promises more details and a recording of the meeting. To lend legitimacy, the message is formatted with the potential victim’s username, while the link also contains the username. To add a sense of urgency, the email states that Zoom will keep the message only for another 48 hours… TechRepublic
