
Fraudsters Take Advantage of Zoom's Popularity

Emerging Threats Include Phishing, 'Zoom-Bombing'

Fraudsters are taking advantage of the increasing use of Zoom for video conferencing to support those working from home as a result of the COVID-19 pandemic.


For example, security firm Check Point Software says criminals are waging phishing campaigns with Zoom-related themes.

Meanwhile, the FBI warns of “Zoom bombing,” which involves a third party interrupting, taking over or listening in on a video conference.

Malicious Domains

Check Point Software says in a new report that about 1,700 domains using the Zoom name have been registered since the start of the year, with 25 percent of those coming in the last week. Of those 1,700 domains, Check Point researchers estimate that about 4 percent have "suspicious characteristics," which is likely a sign of fraudsters starting phishing campaigns with Zoom-related messages as a lure. In some cases, the phishing emails and messages that researchers have observed spoof Zoom login pages and attempt to get victims to input their credentials, which are then harvested by the attackers, the report notes.

In addition to suspicious domains, Check Point notes that its researchers have also uncovered malicious files with names such as "zoom-us-zoom_##########.exe" and "microsoft-teams_V#mu#D_##########.exe."

If downloaded on a device, these files install software called InstallCore, which enables attackers to download additional malware onto the device, according to the Check Point report.

Spoofed Zoom login with malicious files (Source: Check Point Software)

'Zoom Bombing'

Meanwhile, the FBI's Boston division issued a warning Monday about video-teleconferencing hijacking, or "Zoom bombing."

"The FBI has received multiple reports of conferences being disrupted by pornographic and/or hate images and threatening language," the alert states.

A Massachusetts-based high school recently reported that while a teacher was conducting an online class using Zoom, an unidentified individual dialed into the virtual classroom, yelling profanity and shouting the teacher’s home address, according to the report.

Other Security Concerns

Earlier this week, Zoom apologized for sharing large sets of user data by default with Facebook, blaming the social network's software development kit, which it has removed from its iOS app. Exposed users' data includes IP addresses and device models (see: Zoom Stops Transferring Data by Default to Facebook).

On Monday, the New York Times reported that New York Attorney General Letitia James sent a letter to Zoom asking about the company's privacy and security practices. The letter also sought information about vulnerabilities "that could enable malicious third parties to, among other things, gain surreptitious access to consumer webcams," according to the report.

In response to these concerns, Zoom CEO Eric Yuan posted an update to the company's privacy policies on the company's blog and on Twitter.

In January, Zoom announced that it had fixed a vulnerability that - under certain conditions - could have allowed an uninvited third party to guess a meeting ID and join a conference call. The exploitation of the flaw involved guessing IDs for meetings that aren't password-protected (see: Zoom Fixes Flaw That Could Allow Strangers Into Meetings).

About the Author

Apurva Venkat


Special Correspondent

Venkat is special correspondent for Information Security Media Group's global news desk. She has previously worked at companies such as IDG and Business Standard where she reported on developments in technology, businesses, startups, fintech, e-commerce, cybersecurity, civic news and education.
