Hackers are using Zoom, Google Meet for phishing attacks
What's the story
The spread of COVID-19 has surged the global demand for video-conferencing services like Zoom and Google Meet. From students to professionals, everyone is switching to these platforms to get their day to day tasks done from the safety of their homes. But, as it turns out, hackers are also using these platforms - for carrying out sophisticated phishing attacks. Here's all about it.
Issue
Domains matching those of Zoom, Google Meet registered
In a recently-published report, researchers at Check Point revealed that hackers have lately been registering domains matching those of Zoom, Google Meet, and Microsoft Teams. They said the URLs have minor differences but could easily be used to pose as the official site and trick users into downloading dangerous malware or giving away access to their personal information, The Verge reported.
Details
Nearly 2,500 Zoom-related domains registered
Out of the questionable domains flagged in the last three weeks, as many as 2,449 were found to be related to Zoom, with 32 of those being flagged as 'malicious' and 320 being categorized as 'suspicious'. The researchers also noted a case in which an email that appeared to have come from Microsoft Teams downloaded a malware instead of redirecting to the Teams app.
WHO phishing
WHO's name also being used for phishing
Along with these services, hackers are also using the name of WHO for attacks. As per Check Point, they are either sending fake emails to solicit donations - and trick people into paying money to Bitcoin wallets - or are attaching files capable of downloading malware with them. The researchers also cited a few examples of such emails in their report.
Information
Google had also warned about fake WHO emails
Last month, Google had also raised alarms on phishing emails in the name of WHO and other organizations. The internet giant had revealed that it has seen a surge in scams around COVID-19 and is blocking over 18 million malicious emails daily.
Protection
How to stay protected?
To dodge such scams, double-check the URL tab and make sure to open only official websites of services like Zoom, Google Meet, and Microsoft Teams. Also, do keep a close eye on incoming emails and avoid clicking on any suspicious link/attachment in those messages, even if it is a message for claiming a reward or an urgent warning for account-related changes.