No Curve Flattening Yet For Rocketing Zoom Spoof Sites
Published: July 30, 2020 on our newsletter Security Fraud News & Alerts Newsletter.
At a time when the world is unsure about what tomorrow may bring, one community doing extremely well today are cybercriminals. Zoom video conferencing is a natural target for a hacker’s cross hairs. With much of the work force operating remotely from home using Zoom and also providing online education, along with the desire to keep family and friends near as possible with technology, has made the product a hacking bullseye. The popular conference app has been going through an incredible growth spurt since January of this year. Since then, Check Point researchers saw more than 1,700 Zoom-themed domains were registered worldwide. The last week of March alone found more than 400 newly registered Zoom themes. Not every new domain is a spoofed website, but putting the Zoom explosion in terms we’re now all familiar with, the surge is still going up with no hopes of flattening yet in sight.
The goal of these spoofed sites is simple: Lure users into providing PII (personally identifiable information) like account credentials, banking, and payment card details, and whatever other PII hackers can get their hands on. One tactic is to get those working at home to download fake VPNs (virtual private networks) for added security, only to have them connect users to malicious sites. Zoom reports that as of December of last year, the app hosted 10 million users a day. Since the presence of the coronavirus pandemic, they now report over 200 million users a day.
Although Zoom is a favorite hacking target, other video conferencing and communication apps are also under attack. According to Check Point, apps like classroom.google.com for students and new spoof phishing websites have been found for almost all other “group hosting” apps. The surge in coronavirus-themed spoof attacks are popping up everywhere, with email, text and phone call phishing, business email compromise, account takeovers, and more. Hacking is on track to reach historic rates this year and possibly next year as well.
For parents of children who may be using an education app for the first time, remember, hackers are remarkably successful at targeting vulnerable populations–and that includes children. It’s always the perfect time to discuss cybersecurity with your kids, especially now that they’re spending more time online each day for school. Hackers phish children many ways, including using pop-up ads that install malware, asking for access to device content like contact lists, they also phish using inappropriate content.
Teaching children to pay attention to their safety online can be as beneficial as the classes they attend at school.
Keep up to date: Sign up for our Fraud alerts and Updates newsletter
Want to schedule a conversation? Please email us at firstname.lastname@example.org