Watch out for the latest video conferencing scams
People around the world are adapting to various video conferencing, screen sharing and presentation tools as they continue to work from home during the current pandemic.
Cyber criminals (or threat actors) are also adapting, as they continue to look for ways to gain access to our systems and information while we work from home. As always, the majority of attacks or scams start out with a fake email (phishing campaign) encouraging the victim to click on a web link or download an attachment.
WebEx phishing campaign
This latest phishing campaign begins with potential victims receiving an email with subject lines such as “Critical Update” or “Alert” from the spoofed address “firstname.lastname@example.org”. The body of the email explains that there is a vulnerability that the user must patch and even provides steps on how to do so.
The phishing email (fake email) uses fake but similar URL’s (Website addresses) to trick victims into clicking on the phishing page. Once the victim successfully logs in to their WebEx account using the phishing page the threat actors capture their login details. It then redirects them to the legit Cisco website to download the real WebEx installer.
In this case the victim had no idea that someone has stolen their login credentials. If you receive instructions to update or install software, it is most likely a phishing attempt, delete the email and notify your IT department.