With people and businesses becoming more dependent on video conferencing for day-to-day communications, scammers have also taken this time to spread fraudulent tricks online.
The Phone-paid Services Authority or PSA warned the public that there had been a rise in phishing scams claiming to be sent from video calling platform Zoom.
A Zoom-related scam has been going around online, encouraging users to call a premium-rate number that lets them ‘retrieve’ a voicemail from the said app.
The text stated that the call would cost £6 with additional charges for access to the network.
There have also been reports of email scams that resemble the official notification of a missed scheduled meeting from Zoom. The message provokes a sense of panic and urgency that causes recipients to click on the link, which contains malicious content.
The scam link supposedly gives access to a ‘recording’ of the missed meeting. However, the message is targeted at phishing the user’s vital information.
With the stay-at-home guidance urging people to work via online platforms, users would likely trust such emails and texts readily. Since video conferencing and daily online meetings are now integral to the new normal, remote workers are more at risk for these scamming tactics.
Fraudsters take it a step further by invoking more urgency by indicating that the voicemail message will be deleted after 48 hours.
The link redirects to a bogus Zoom login page, which looks a lot like the official site. However, the fake page asks the victim to input their work email details, which is one of the warning signs of a scam.
The login page includes a suspicious instruction saying Zoom can be used without signing up, and would only require the user’s organisation email credentials to proceed.
Although the fake Zoom page might look like the genuine one, several red flags show otherwise. The URL is unusual, and there are some non-functioning links on the website. Numerous spelling and grammar mistakes can also be spotted on the page.
Once the victim keys in their login details, all the information will be harvested and put up for sale on the dark web. It could also be held for ransom, or utilised to bare sensitive information.
An earlier report revealed that over half a million stolen Zoom accounts are sold for as low as $0.002 per account on the dark web. It also claimed that some accounts are shared and used in malicious activities like Zoom raiding.
It was announced by Zoom CEO and founder Eric S. Yuan that the video conferencing platform surpassed 300 million meeting participants daily, comprising mostly of enterprise users. The new remote work setup prompted by the COVID-19 pandemic has created an opportunity for fraudsters to exploit the situation.
However, it’s not only Zoom that is used as the façade for phishing scams. Fake emails from Uber and TV Licensing, for instance, have found their way into people’s inboxes, asking to unsubscribe by clicking a suspicious link or texting a premium-rate number.
Nearly all data breaches are caused by phishing—over 3.4 billion fake emails are being sent daily. Email security researches stated that there had been over 50,000 successful emails that bypass basic security protocols of email platforms.
These statistics show that users must be vigilant when dealing with emails.
Here are some ways to dodge phishing scams: