Hackers are continuing to take advantage of the coronavirus pandemic and find new ways to steal our information and compromise organizational networks.
According to Check Point Research, cybercriminals are meeting end users where they are, and these days that is on videoconferencing and collaboration platforms like Zoom, Microsoft Teams, Slack and Google Meet.
Hackers are using fake domains to conduct phishing attacks, and have been since the COVID-19 pandemic began pushing everyone to work from home and rely on those platforms to work remotely.
In the last three weeks alone, about 2,500 new Zoom-related domains were registered; 1.5% of them were malicious and another 13% are suspicious. This activity began around the middle of March, when working from home and using those applications became a reality for many people.
While Zoom may be getting headlines and national attention for the platform’s quick rise in popularity, Microsoft Teams and Google Meet are also being used to lure victims, according to Check Point.
Recently, victims fell prey to phishing emails that came with the subject “You have been added to a team in Microsoft Teams”. The emails contained a malicious URL, “http://login\.microsoftonline.com-common-oauth2-eezylnrb\.medyacam\.com/common/oauth2/”, and victims ended up downloading malware when they clicked the “Open Microsoft Teams” icon that led to this URL. The actual link for Microsoft Teams is “https://teams.microsoft.com/l/team”.
Then there are fake Google Meet domains like Googelmeets/.com, which was first registered on April 27, 2020. Of course, the link did not lead victims to an actual Google website.
Check Point also found that coronavirus-related attacks have increased 30% compared to previous weeks. Those attacks include websites with “corona” or “covid” in their domain names, files with “corona”-related file names, and files that have been distributed via email with coronavirus-related subjects.
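Both lures above can be caught mechanically: the Teams URL hides a trusted hostname to the left of the domain that was actually registered, and the Google Meet domain is a near-miss spelling of the brand. The following is an added example, not code from Check Point or from the original article; the allowlist, the brand list, the distance threshold and the "last two labels" shortcut for the registered domain are all assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumptions: allowlist, brand labels and threshold are illustrative only.
TRUSTED = {"microsoft.com", "microsoftonline.com", "google.com", "zoom.us"}
BRANDS = {"microsoft", "microsoftonline", "google", "googlemeet", "zoom"}
MAX_DISTANCE = 2

def host_of(url):
    """Lowercase hostname; strips the defanging backslashes used in print."""
    return (urlsplit(url.replace("\\", "")).hostname or "").lower()

def registrable(host):
    # Simplification: last two labels. Real code needs the Public Suffix List.
    return ".".join(host.split(".")[-2:])

def osa_distance(a, b):
    """Edit distance in which swapping two adjacent letters costs 1."""
    d = [[max(i, j) if 0 in (i, j) else 0 for j in range(len(b) + 1)]
         for i in range(len(a) + 1)]
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = a[i - 1] != b[j - 1]
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]

def classify(url):
    host = host_of(url)
    reg = registrable(host)
    if reg in TRUSTED:
        return "trusted"
    # A trusted name sitting left of the registered domain is only a subdomain.
    sub = host[: -len(reg)].rstrip(".")
    if any(t in sub for t in TRUSTED):
        return "brand-in-subdomain"
    label = reg.split(".")[0]
    if any(0 < osa_distance(label, b) <= MAX_DISTANCE for b in BRANDS):
        return "lookalike"
    return "unlisted"

SAMPLES = [  # URLs quoted in the article, kept defanged where the article does
    "https://teams.microsoft.com/l/team",
    r"http://login\.microsoftonline.com-common-oauth2-eezylnrb\.medyacam\.com/common/oauth2/",
    r"http://googelmeets\.com/",
]

if __name__ == "__main__":
    for u in SAMPLES:
        print(f"{classify(u):20} {u}")
```

A verdict of "unlisted" means only that neither heuristic fired, not that the domain is safe.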
To prevent these attacks, Check Point recommends the following:
- Beware of lookalike domains, spelling errors in emails or websites, and unfamiliar email senders.
- Be cautious with files received via email from unknown senders, especially if they prompt for a certain action you would not usually do.
- Ensure you are ordering goods from an authentic source. One way to do this is to NOT click on promotional links in emails, and instead, Google your desired retailer and click the link from the Google results page.
- Beware of “special” offers. “An exclusive cure for coronavirus for $150” is usually not a reliable or trustworthy purchase opportunity. At this point in time there is no cure for the coronavirus, and even if there were, it definitely would not be offered to you via an email.
- Make sure you do not reuse passwords between different applications and accounts.