How Zoom is being exploited for phishing attacks
With so many of us depending on Zoom to work from home, cybercriminals are increasingly sending fake meeting invitations to dupe employees. Learn how easy it is to create a Zoom phishing email in this episode of Cyber Work Applied with Infosec Principal Security Researcher Keatron Evans.
Inside a Zoom phishing campaign
Since the start of COVID, millions of people have depended on Zoom for work-from-home meetings. In this episode of Cyber Work Applied, Keatron explains how threat actors are creating successful phishing campaigns by exploiting Zoom.
Cyber Work listeners get free cybersecurity training resources. Click below to get your free courses and other materials.
How Zoom phishing attacks work
The edited transcript of Keatron’s Zoom phishing attack walkthrough is provided below.
How threat actors leverage Zoom
(0:00- 0:18) Hi, I'm Keatron Evans. It's not a secret that one of the most popular tools to surface since COVID started is Zoom. In this video, I'm going to show you how threat actors are using its popularity in a very successful phishing campaign. Let's dive in.
Creating a Zoom phishing email
(0:19- 1:30) I recently talked to a CFO who is a victim of this attack, and she told me that on average, she receives about 15 Zoom meeting invites per day, which makes it difficult for her to think about not accepting one. Let me show you how it's done.
What I've done here is I've already set up a fake copy of the Zoom website using the Social-Engineer Toolkit (SET). And if you want to see how to do that, you can watch some of our other free videos on using SET.
See Infosec IQ in action
See Infosec IQ in action
So what I'm going to do now is log into an email account and forward — or send a Zoom meeting invite to our unknowing victim here. I'm going to log into the Keatron Hacks Gmail account here.
Here's the Zoom meeting and I'm simply going to forward this Zoom meeting request to our victim. So there's our Zoom meeting there. Simple enough — looks just like a regular Zoom meeting.
Sending fake Zoom meeting to victim
(1:31- 2:14) I'm going to forward that meeting request to our intended victim, Bob Vance.
So we sent it to Bob Vance. Now we're going to be the victim. We're going to go to Bob Vance's computer and see what Bob Vance sees in his email.
What you see here is a typical Zoom meeting invite email. This is a meeting invite to Bob Vance, Vance Refrigeration, from Keatron Hacks. And it's just got the link here to the Zoom meeting.
Victim clicks on Zoom meeting phishing link
(2:15- 3:21) Now as soon as Bob clicks this link, watch what happens. Bob's going to click the link, and it appears not much is going on except the browser's turning, but let's go look at the attacker side.
Waiting over here, the attacker had a fake copy of Zoom, which actually loaded malicious code. And what you're seeing here is the attacker's view of what Bob got just from clicking on that link. So now as the attacker, I can simply jump into that session, take a screenshot to prove that we now own Bob's machine.
So think about that for a second. The only thing Bob did was open his email, click on that Zoom meeting invite like he does every single day when he has to go to the Zoom meetings, and as a result of that, the lowly attacker now has complete control of Bob's machine.
This is why you really need to be careful when you're blindly clicking on those Zoom meeting invites, make sure that it's from someone who you think it's supposed to be from. Hope you enjoyed that.
More cybersecurity training resources
Want more free resources? Check out the weekly Cyber Work Podcast for in-depth conversations with cybersecurity practitioners and industry thought leaders.
Cyber Work listeners also get other free cybersecurity training resources. Check out the latest free courses and resources to keep learning!