More scam warnings for Zoom, Teams and Meet users as reports show hackers still use domains related to popular collaborative platforms to target remote workers with phishing scams during lockdown.
Domains
Almost as soon as the lockdown started, there were reports by Cybersecurity company ‘Check Point’ that there had been a major increase in new domains registered. The new domains included the word ‘Zoom’ as well as some suspicious characteristics. Similarly, the official classroom.google.com website was impersonated by googloclassroom.com and googieclassroom.com.
Zoom, Teams, and Meet
The most recent Check Point Research shows that scammers have widened their attack strategy by including registered domains as Microsoft Teams and Google Meet-related URLs.
Check Point Research reports that in just the last 3 weeks, 2,449 Zoom-related domains have been registered. 32 of which are malicious and 320 categorised as “suspicious”.
WHO Impersonated
Check Point Research also shows that scammers have been sending phishing emails posing as the World Health Organisation. Scammers sent malware attachments asking for donations to the WHO. Any payments made go into known, compromised bitcoin wallets.
The WHO now has a page warning about the risk of being targeted by scammers. The page gives advice about how to verify authenticity before responding and how to spot and prevent phishing. See https://www.who.int/about/cyber-security
Nation-State Cyber Espionage To Steal COVID-19 Research
In a more sinister turn, the UK’s National Cyber Security Centre (NCSC) reported that UK universities and scientific institutes involved in COVID-19 research are being targeted with cyber espionage. Nation state-sponsored actors are allegedly looking for information about studies conducted by UK organisations related to the pandemic.
Protection
Check Point suggest users be extra cautious with emails and files from unfamiliar senders. They suggest not opening attachments or clicking on links in emails when the sender unknown. Furthermore they highlight that it is also important to pay close attention to the spelling of domains, email addresses, emails and on websites.
Google the company you are looking for to find their official website rather than clicking on a link in an email. Links can redirect you to a fake (phishing) site.
What Does This Mean For Your Business?
Cybercriminals are quick to capitalise on situations where people have been adversely affected by unusual events. They know some are in unfamiliar territory. People are also divided geographically as they try to cope with many situations at the same time such as work, home schooling etc. As long as the pandemic continues, these types of scams also look set to continue and evolve.
The message to organisations is that extra vigilance is still needed. All employees need to be careful, particularly in how they deal with emails from unknown sources. Whilst still paying attention to emails from apparently known sources offering convincing reasons/incentives to click links or downloads files.
If you would like to discuss security for remote workers or setting up secure remote working please do not hesitate to contact GMA today on 020 8778 7759.
Alternatively you can email hello@gmal.co.uk or visit our contact us page.