Warning: Hackers are making malicious copycats of this WFH site
April 1, 2020
By Mark Jones
You’re stuck at home trying to remember what life was like before the coronavirus became a global pandemic. You’d give anything just to have a friendly conversation with a buddy over dinner at your favorite restaurant again.
And then it happens. The phone finally rings and you get excited to speak with someone. Shockingly, it’s a scammer trying to sell you a fake COVID-19 vaccine. Yes, that’s really happening. Tap or click here for details.
Now more people are working from home, while also trying to keep in touch with friends and family. That’s led to a sharp increase in the number of people turning to video conferencing software and apps. And that attracts cybercriminals.
Video conferencing apps spoofed by criminals
Zoom is among the most popular video conferencing services and with the huge increase in users, the program has become a prime target for hackers. Researchers at Check Point reported in the past few weeks, they’ve noticed a major increase in new domain registrations with names including the word Zoom.
That means criminals are creating spoofed websites to trick people into thinking they’re on the official Zoom site when in reality it’s a fake. Many spoofed sites try to get you to enter personal information and credentials so they can rip you off.
You may also like: See the list of disinfectants strong enough to kill coronavirus
Some of these sites even have malicious links that, if clicked on, can infect your device with malware. For example, the report points to malicious files with names like “zoom-us-zoom_ ##########.exe,” with # representing various digits. Opening that file would start a setup process that looks like the image below:
But Zoom isn’t the only site being targeted. Another popular service being spoofed is Microsoft Teams, so be careful. Check Point also referenced malicious files that looked like “microsoft-teams_V#mu#D_##########.exe” or similar.
But how are you supposed to stay safe? Here are a few suggestions.
Type web addresses directly into your browser
Instead of doing an online search and clicking on a search result, type all web addresses directly into your browser. This ensures you’re on the official site and not on a malicious spoofed version.
Don’t trust emailed links
Links that are sent to you in unsolicited emails or texts should never be trusted. They could be malicious. Hovering your cursor over the link will show the URL, often showing that you’re not being redirected to the site it says. Remember to also avoid attachments in email messages and texts as well.
Enable 2FA
Enable two-factor authentication for every site that offers it. That way, if a criminal happens to steal one of your passwords, they will need another way to verify who they are.
Now that you know how to avoid spoofed websites, there are additional steps you need to take to protect your Zoom calls. That’s due to a recent trend the FBI is now issuing a warning about.
FBI issues ZoomBombing warning
We recently told you about a frightening ZoomBombing attack that happened during one company’s weekly meeting. ZoomBombing is when trolls enter group chats and post things like pornographic videos or malicious links that lead to malware. Tap or click here for more details on ZoomBombing.
Now, the FBI is warning everyone that the number of ZoomBombing attacks is spiking. The agency has received multiple reports of conferences being disrupted by pornographic and/or hate images and threatening language.
A couple of schools in Massachusettes were ZoomBombed last week, and in one of the incidents, the intruder threatened students and the teacher while showing off his swastika tattoos.
To prevent that from happening, the first thing to do is to limit actions that can be performed by participants. Here’s how:
- Click settings on the left side of the Zoom screen.
- Scroll down to Screen Sharing and slide the toggle to disable the setting.
- Go back to Settings and scroll to File Transfer
- Slide that toggle next to “Hosts and participants can send files through the in-meeting chat” to prevent file-sharing.
Tap or click here for more information about adjusting your Zoom security settings.
The FBI suggests following these steps to mitigate teleconferencing hijacking threats:
- Do not make meetings or classrooms public.
- Do not share a link to a teleconference or classroom on an unrestricted publicly available social media post. Provide the link directly to specific people.
- Ensure everyone is using the updated version of remote access/meeting applications. In January 2020, Zoom updated its software. In its security update, the teleconference software provider added passwords by default for meetings and disabled the ability to randomly scan for meetings to join.
- Lastly, ensure your organization’s telework policy or guide addresses requirements for physical and information security.
If you were a victim of a teleconferencing hijacking or any cybercrime, report it to the FBI’s Internet Crime Complaint Center at ic3.gov. If you receive a specific threat during a teleconference, report it at tips.fbi.gov.
It’s unfortunate that the dregs of society are taking advantage of innocent people during this crisis we’re all having to navigate right now. Most people are just trying to find helpful information on how to deal with the coronavirus pandemic and shouldn’t have to worry about scammers.
We at Komando.com are doing our part by sharing as much valuable information as possible. We’re covering all angles of COVID-19 and will continue to do so until we make it through this pandemic. With that in mind, here are links to some of our helpful articles you can share with friends and relatives:
- How to find out if coronavirus is spreading in your area
- Sanitizing delivered packages, taking Uber and getting food safely during COVID-19 pandemic
- How to stay in touch with family and friends during the pandemic
- Don’t fall for these stimulus check scams
- Amazon’s Alexa can help spot signs of COVID-19 – here’s how
The best way to stay on top of what’s happening is to sign up for Kim’s free Alerts newsletter.
https://www.komando.com/tips/cybersecurity/zoom-hackers-malicious-sites-fbi/