Zoom users should probably be aware of these 3 emails you receive. Since Zoom has become a favorite application for both Users and Cybercriminals, a cybersecurity company Proofpoint hackers are trying to target more than 200 million users through Emails.
Here are those 3 emails in detail
Email subject: ZooM Account
As per Proofpoint, Hackers are targeting medium-sized manufacturers, energy and services in the United States. And they are mainly targeting new users.
The users will receive an email with the subject line as ZOOM Account as mentioned above, in that mail they will also be a link pressing upon which will redirect the user to “generic webmail landing page“. If the user enters his credentials, the hackers will get hold of them.
Email subject: Missed Zoom Meeting
As per Proofpoint, this type of email is targeting small-sized transportation, manufacturing, business services and aerospace companies in United States.
The users receive an email with the subject Missed Zoom meeting as mentioned above. The email will contain a link stating “press here to see the missed conference”, which will redirect to a bogus Zoom login page. If the user enters his/her login credentials then their information will be in Hackers hands in seconds.
Email subject: [Company name] Meeting cancelled
This is used to target small industrial manufacturers, technology, marketing, advertising, IT and even construction companies in United States.
This is a malware campaign that was meted out over many days and seeks to distribute the ServLoader/NetSupport remote access Trojans, claims the Proofpoint.
This email will contain a thank you message for the recipient for his or her response to faux RFQ(request for quotation). It conjointly includes an attachment that seems to be this discussion and offers to own a decision via Zoom.
Once the user opens the attachment, they will be asked to enable macros, once that is done, a ServLoader PowerShell will be executed, which will download NetSupport which the abusers use to hack information.