3 Dangerous Emails Which Can Hack You Zoom Account If You Open Them: Find Out What They Are?

It appears as though the Covid-19 pandemic wasn’t enough to halt all the activities around the world, as cyber attacks are now surfacing more often than ever.

Now, we all know that the ongoing pandemic has forced the working class (among others) to shift on online platforms and give rise to the new operating model: Work from Home (WHM).

This calls for immense online footprint and a shift towards many sophisticated softwares, which can support a major number of payloads, to smoothly lead calls and conferences.

One such software that is being used more than the others in such a scenario is Zoom. It is gaining heavy traction not just in the ‘corporate’ world but also is used undoubtedly by schools and colleges to connect to their students in online classes.

Zoom now being New Hub for Cyber Criminals

All this build up brings us to the paramount emergency of the situation, which is: now that Zoom has become an integral part of most of the people working from home, it has also become quite a favourite with cybercriminals.

As per a report by enterprise security company Proofpoint, hackers are trying to target the more than 200 million daily user base of the video conferencing tool through emails.

The report details that there are primarily three types of emails that Zoom users should look out for:

• The first one comes with the subject line “Zoom Account”
• The second one comes with the subject line “Missed Zoom Meeting”
• The third one, “[Company] Meeting cancelled – Could we do a Zoom call?”

Email Subject Line: “Zoom Account”

According to the research conducted by the officials at Proofpoint, such phishing emails always include a pulling point that claims to welcome users to their new Zoom account, putting the new joiners at risk.

These emails appear to be coming from an admin account and include a link. Obviously, it is understandable that the language of the email will be tempting enough for a new user to click on the link in order to complete the activation process of their Zoom account.

Clicking on this link will take users to a “generic webmail landing page” asking them to enter their credentials. This medium-sized campaign has targeted energy, manufacturing, and business services in the United States, claims the report. 

Email Subject Line: “Missed Zoom Meeting”

Here, recipients get an email claiming that they have missed a Zoom meeting. The email also includes a link that the email says can be used to “Check your missed conference”.

This link too, shall take the recipient to a “spoofed Zoom page” and ask for their Zoom credentials.

Even though this is a small-sized campaign, these types of emails have targeted transportation, manufacturing, technology, business services and aerospace companies in the United States.

Email Subject Line: “[Company] Meeting canceled – Could we do a Zoom call?”

This is a malware campaign that was carried out over several days and seeks to distribute the ServLoader/NetSupport remote access Trojans.

This is where you should be extra careful with what you suscept yourself too because chances are, you will get carried away by them and bring harm to yourself.

The email contains a thank you message for the recipient for their response to a fake RFQ (Request for Quotation). It also includes an attachment that appears to be about that discussion, and offers to have a call via Zoom.

If the recipient opens the attachment, they are prompted to enable macros and once the macros are enabled, a ServLoader PowerShell script gets executed, which in turn will install the NetSupport, a legitimate remote-control application that threat actors abuse.

This is also found to be a small campaign that has targeted energy, manufacturing industrial, marketing/advertising, technology, IT and construction companies with ServLoader and the NetSupport remote access Trojans (RATs).