If you’ve been paying attention, you know that the Zoom video conferencing service has been in the news a lot recently as a prime target for phishing attacks. This is the result of more people working from home due to COVID-19. Thousands of potential phishing sites have been created to target Zoom users as its usage has soared.
With all the headlines, you might get the idea that Zoom is the only video conferencing service being targeted by hackers. Unfortunately, hackers are more ambitious than that. Other popular services, including WebEx and Skype, are also under attack.
According to an article on Help Net Security, “Not only are attackers using video conferencing brands as a lure for malware, but they’re using it for credential phishing, in particular to steal Zoom and WebEx credentials.”
In the case of WebEx (a Cisco company), “The fake emails purportedly coming from Cisco are a mishmash of unconnected visual elements and subject lines that command attention (e.g., “Critical Update!” or “Alert!”).”
Skype is in the same boat as WebEx. According to Threat Post, “Remote workers are being warned of a new phishing campaign targeting their Skype passwords. The phishing emails look ‘eerily similar’ to a legitimate Skype notification alert, according to a report released by Cofense on Thursday. Emails indicate users have 13 pending Skype notifications that can be checked by clicking a Review button.”
While not in the headlines yet, it’s only a matter of time before other video conferencing services like GoToMeeting, Microsoft Teams and Google Hangouts are the target of phishing attacks. The bottom line is, employees working from home are outside the protective boundary of the company’s network and are therefore more vulnerable to these types of phishing attacks.
What’s needed now, more than ever, is the ability to protect employees from phishing attacks who are working from home. To do that requires cloud-based email security so that emails destined for employees at their home office can be screened before they ever hit the inbox. What’s needed is email security like that available from Phish Protection.
Phish Protection is cloud-based email security with real-time link click protection, which protects against the most sophisticated type of attack: time-delayed phishing attack. Phish Protection sets up in 10 minutes by making a simple change to a DNS entry. That means you can protect a thousand employees working in a thousand different homes in about 10 minutes. And Phish Protection only costs pennies per employee per month with no hardware or software to buy.
COVID-19 will eventually go away but hackers won’t. Protect your employees today. Try Phish Protection free for 60 days.