Express Computer
Home  »  Security  »  Hackers targeting people with fake Zoom HR, payroll video meetings

Hackers targeting people with fake Zoom HR, payroll video meetings

0 521

Cybersecurity researchers at UK-based Sophos have revealed hackers are now targeting people across the world with sending emailed with links to fake Zoom HR and payroll discussion video meetings to steal your personal and other credentials.

Scammers have turned to employment worries as their latest lure for Zoom phishing scams and researchers from the ‘Naked Security’ team at SophosLabs witnessed several examples of such phishing emails, with subject line saying “You are invited to join the q2 meeting”.

“This is a reminder that your scheduled Zoom meeting with Human Resources and Payroll Administrative Head will start in few minutes. Your presence is crucial to this meeting and equally required to commence this Q1 perfomance review meeting. Join this Live Meeting,” says one such bogus Zoom message.

“The subject lines, message layout and meeting descriptions vary slightly, but the basic idea is the same,” revealed the cybersecurity team.

There is the link in the Zoom message and once you click it, you will be directed to a portal with a login window that looks similar to video meet app Zoom.

“The phishers probably don’t care what password you enter as long as it’s a valid one they can use on one of your accounts, but you’ll notice they’ve put the suggestion text Email Address Password into the password field instead of just Password as you see on Zoom’s page,” explained Sophos.

“Remember that access to your email account is likely to be worth a lot more to the crooks than your Zoom account would be, for the important reason that your email account is probably the way you go about doing password resets for many of your other accounts”.

Whatever you enter as password on the fake site, you will end up redirected to a genuine and vaguely relevant Zoom help page, as though something went wrong and you should simply try again.

“In this way, the crooks don’t need to simulate a successful login or to pretend that your login failed – they just leave you in one of those ‘I wonder what happened there’ moments where your inclination is simply to go back and start over,” said the researchers.

By the time you see the genuine Zoom help page, the email address and the password you entered have already been posted to the crooks instead of sent to Zoom.

“If someone else is inviting you to a meeting, you shouldn’t need to login to Zoom first, given that they’re hosting. Don’t login after clicking links in emails,” advised the team.

Zoom was yet to comment on the report.

Enable two-factor authentication if you can. Zoom supports 2FA, based on one-time codes generated by an app on your phone, and most email services do, too.

“If you were phished, change your password at once. Even if you fall for a phish at first, many phishes are obvious after you put in your password because you don’t end up where you should and the deception stands out,” said the Sophos team.

Get real time updates directly on you device, subscribe now.

Leave A Reply

Your email address will not be published.

LIVE Webinar

Digitize your HR practice with extensions to success factors

Join us for a virtual meeting on how organizations can use these extensions to not just provide a better experience to its’ employees, but also to significantly improve the efficiency of the HR processes
REGISTER NOW 

Stay updated with News, Trending Stories & Conferences with Express Computer
Follow us on Linkedin
India's Leading e-Governance Summit is here!!! Attend and Know more.
Register Now!
close-image
Attend Webinar & Enhance Your Organisation's Digital Experience.
Register Now
close-image
Enable A Truly Seamless & Secure Workplace.
Register Now
close-image
Attend Inida's Largest BFSI Technology Conclave!
Register Now
close-image
Know how to protect your company in digital era.
Register Now
close-image
Protect Your Critical Assets From Well-Organized Hackers
Register Now
close-image
Find Solutions to Maintain Productivity
Register Now
close-image
Live Webinar : Improve customer experience with Voice Bots
Register Now
close-image
Live Event: Technology Day- Kerala, E- Governance Champions Awards
Register Now
close-image
Virtual Conference : Learn to Automate complex Business Processes
Register Now
close-image