Cyber criminals are capitalizing on confusion during the WFH transition. In one of the latest attacks, they send fake Zoom invites that look like a scheduled HR meeting.
The phishing emails mimic legitimate Zoom meeting reminders hinting at the target's layoff in a meeting with their company's Human Resources.
This is awful! Hackers are exploiting employees' job fears. If you get an email like this, your first instinct is to quickly login to that meeting!
"When the victim reads the email they will panic, click on the phishing link, and hurriedly attempt to log into this fake meeting. Instead, their credentials will be stolen by the attacker."
Attackers are able to mimic any legitimate-looking email or web page. This only complicates the challenge for your users.
Once they reach the phishing landing page, the victims see a cloned Zoom sign-in page, and that the sign-in form is being used by the scammers to steal the victims' credentials instead of logging them in.
The solution here: always inspect links before clicking!
To be sure, we can all fall victim to a well-targeted con. That's why it's critical to consistently test and train your employees to instill safe cyber security behaviors.
Consistency is exactly why organizations turn to INFIMA's Automated Security Awareness Training platform to protect their people.
Ready to learn more? Start here!
Original article here.
[https://www.bleepingcomputer.com/news/security/phishing-uses-lay-off-zoom-meeting-alerts-to-steal-credentials/]
Join the newsletter to receive the latest updates in your inbox.