by Bret Bergman
Contributing Editor

As COVID-19 spreads so does malicious activity…beware of the suspicious Zoom meeting invite!

As droves of people are working remotely (many for the first time), IT and cyber teams are stretched thin making it all work.  Now is not the time to take our eye off the ball.  As Kelly Sheridan recently noted in Dark Reading, “In recent weeks, security researchers have spotted an increasing number of malicious activities linked to COVID-19 as attackers capitalize on the virus.”  

One specific area of concern is online meeting /collaboration platforms such as WebEx, Microsoft Teams, Google Hangout and Zoom.  If you’re like me, you have likely used all of these and more over the past couple of weeks.  Zoom is a particularly interesting case (it’s 45%+ stock-price increase from Mar. 10 -23 aside!). No doubt if you now have kids at home doing distance learning, they are likely using Zoom as it appears to have cornered the education market from elementary school to college.  

Many people are using Zoom for the first time and tend to be less cyber aware.  As recently reported in Dark Reading by Jai Vijayan  (“Researchers Spot Sharp Increase in Zoom-Themed Domain Registrations), “Since January, more than 1,700 new Zoom-themed domains have been registered worldwide. More than 400 of them were registered just in the past week alone…Of the Zoom domains that have been registered since January, at least 70 appear suspicious. The goal in creating these spoofed sites typically is to trick users who are lured there into parting with account credentials or into getting them to share payment card details and other sensitive data.

This is fertile ground for hackers of all sorts.  People who take advantage of a crisis for their own gain are the worst kind of perpetrators.  Thus, it is imperative that those of us in cyber help our less-informed brethren, both formally as part of our jobs and informally as cyber-aware citizens.  I encourage you to read the full article and then make a point of informing your organization, friends, and family of the threat.  If you do nothing more than have them call senders of Zoom invites to confirm the invites are legit, you will have made a huge difference.

Leave a Reply

Your email address will not be published. Required fields are marked *