Published: April 30, 2020 on our newsletter Security Fraud News & Alerts Newsletter.
It’s not just Zoom meeting software that is in the bullseye of cybercriminals these days. The company Cofense found that there is an active and ongoing phishing campaign abusing Cisco’s web conference product, Webex. The message received in email urges the recipients to install an “update.” Unfortunately, you guessed it...it’s not really and update, but malware that intends to steal credentials from the Webex platform.
The cyber-scoundrels are choosing this platform because they know so many people are working from home these days and they are taking advantage of the coronavirus shelter-in-place conditions.
Remember that phishing is on a roll right now. Cybercriminals are taking advantage of the situation by upping the ante on phishing attempts. They realize that at-home workers may be a bit more relaxed than when at the office, so they are hoping that users are paying a bit less attention to the tone of the emails. But don’t let them fool you. Keep your cybersecurity guard up and make sure you don’t click if an email is suspicious at all. If it isn’t expected or if it’s from someone you don’t know, just don’t click it. If you aren’t sure, but think it might be OK, contact the sender separately to make sure it’s legitimate. Don’t reply to these messages. If you do, they will just go back to the non-legit sender, so send a new email to an address you already know or even better, use the telephone. There is no email that is so important you can’t take some time to verify it before clicking something.
The subject lines in the emails are, for example, “Critical Update” or “Alert!” The sender may be meetings[@]webex.com (without the brackets, of course). If you are setting up the Webex meeting, make sure you passcode it for added protection.
The attackers actually went to the effort to register a domain just a few days before they sent out the email message and got a legitimate SSL security certificate. This makes it appear real, but it’s not. Don’t be fooled. Take some time to make sure your links are real and from the intended meeting organizer before clicking anything, especially if you are working in the healthcare or finance industries. Those seem to be most targeted with this campaign…at the moment.
Keep up to date: Sign up for our Fraud alerts and Updates newsletter
Want to schedule a conversation? Please email us at firstname.lastname@example.org