Skolkovo’s Group-IB, one of the innovation center’s international residents, is a cybersecurity company that focuses on cyberattack prevention. It recently uncovered a fraudulent scheme that uses Zoom as a tool to find unsuspecting victims. Under the guise of offering cash compensation “due to Covid-19” or for subscribing to the service, users are lured to fraudulent sites where they are exposed to theft of money and personal data.


According to a statement to Sk.ru, Group-IB warned Zoom about the threat. At the beginning of 2020, the Skolkovo cybersecurity company recorded around 15,300 domains using the Zoom name; this was during a surge of registrations when people began working from home. The danger is that similar domain names could host phishing websites: malicious sites whose primary aim is to steal personal information such as login passwords, card details, and so on. Last spring, account information from around 4000 Zoom users appeared on the Dark Web, a part of the Internet generally associated with criminal activities.


Hackers didn’t stop there, however; Group-IB uncovered a new fraudulent scheme that used the original Zoom service as a tool to steal users’ personal information.

While registering a Zoom account, the user completes a profile, and the name and surname fields accept up to 64 characters. Scammers exploited this feature to enter the phrase, “You are entitled to compensation due to Covid-19,” and added a link to a scam website.

They also exploited a Zoom feature to send fraudulent spam messages. Upon registration, Zoom offers the new member the chance to invite up to ten new users. The scammers entered the addresses of potential victims, who then received official notifications from the Zoom videoconference service team (no-reply@zoom[.]us) that nevertheless included content created by the scammers.

One such spam email, which Group-IB analyzed, stated that users could receive monetary compensation by going to the website http://uglava.com (now blocked). Upon following the link, users were sent on to other fraudulent sites titled “Official Compensation Center,” “Express Lottery,” “Bank-Online (You’ve received your cash transfer)” and others.

“Scammers exploited the popularity of the Zoom service,” warned Yaroslav Kargalev, the deputy head of CERT-GIB. “Since the emails sent were from the official service, scammers aren’t just guaranteed that the message will get to the addressees, but also that a number of the recipients would click on the link shown in the profile, bringing them to the fraudulent site. Zoom needs to implement a more rigorous check on data that users enter upon creating an account as well as ban the use of third-party links in user profiles.”
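One way a service could apply the kind of check on name and surname fields recommended above, shown as an added example that is not Group-IB's or Zoom's code. The function names, the rejection rules and the `payout.example` sample values are assumptions constructed for illustration; only the 64-character limit comes from the article.

```python
import re
import unicodedata

# Zero-width and bidi control characters that can visually split a link.
_INVISIBLE = dict.fromkeys(map(ord, "\u200b\u200c\u200d\u2060\ufeff\u202a\u202b\u202c\u202d\u202e"))
# Obfuscated dot spellings, folded back to "." before matching.
_DOT_SPELLINGS = re.compile(r"\s*(?:\[\.\]|\(\.\)|\[dot\]|\(dot\))\s*", re.I)
_SCHEME = re.compile(r"\b(?:https?|hxxps?|ftp)\s*:\s*/\s*/|\bwww\.", re.I)
# label(.label)*.tld where the final label is 2+ letters, e.g. payout.example
_BARE_DOMAIN = re.compile(r"\b[a-z0-9-]{1,63}(?:\.[a-z0-9-]{1,63})*\.[a-z]{2,24}\b", re.I)
MAX_LEN = 64  # field limit stated in the article


def normalize(value: str) -> str:
    """Fold compatibility forms (e.g. fullwidth), drop invisibles, restore dots."""
    text = unicodedata.normalize("NFKC", value).translate(_INVISIBLE)
    return _DOT_SPELLINGS.sub(".", text)


def name_field_problems(value: str) -> list[str]:
    """Return reasons to reject a name/surname value; an empty list means accept."""
    problems = []
    text = normalize(value)
    if len(value) > MAX_LEN:
        problems.append("too long")
    if _SCHEME.search(text):
        problems.append("url scheme or www prefix")
    if _BARE_DOMAIN.search(text):
        problems.append("domain-like token")
    if "@" in text:
        problems.append("email-like token")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs, not values taken from the campaign.
    for sample in ["Maria", "Compensation due to Covid-19 http://payout.example",
                   "payout[.]example", "ｐａｙｏｕｔ．ｅｘａｍｐｌｅ"]:
        print(repr(sample), "->", name_field_problems(sample) or "accepted")
```

The domain rule is deliberately strict: a value such as "Dr.Smith" typed without a space is also rejected, so a production check would pair it with a clear error message asking the user to re-enter the name.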

What is the Dark Web?

The Dark Web is a part of the Internet that does not appear through regular Internet search engines such as Google; it requires specific browsers in order to gain access. While it is associated with online criminal activities such as those mentioned above, it also offers standard web services but with more secrecy. According to Investopedia, the Dark Web is a place where “tech giants and large media organizations have very little influence as of 2020.” It also states that “while the dark web promises privacy to its users, it can also be used to violate the privacy of others as well as to sell stolen information.”

Image: Dark Web Infographic.