IT support provider, Macclesfield based Fabric IT, warns that video conferencing platform Zoom, which has become vital to many businesses during the Covid-19 pandemic, is now a target for cybercriminals and phishing attacks.
Cyber-Attacks Are On The Rise
During the COVID-19 Pandemic, the reports of cybercrime, unfortunately, have increased. With people working from home and outside of an office environment, it is much easier to fall into a false sense of security.
Cyber-attacks have continued to grow in cost, size, and impact – causing 60% of SMBs to go out of business within six months of a cyber incident. Over 80% of data breaches leverage stolen passwords as the principal attack vector – often acquired on the Dark Web.
Because employees are the core of any business, they will be the main target for cybercriminals. Making sure your people stay up-to-date with cybersecurity knowledge, and teaching them to recognize threats is imperative to the security of your business. The threat landscape is continually evolving, and so should your approach to defence.
Zoom Phishing Attacks
Please be vigilant to emails that you do not expect to receive. Currently, many people are using applications outside of Office 365, such as Zoom to stay in touch with friends, family and colleagues.
If you receive an invitation to join a Zoom call that you are not expecting, you should delete it and do not click on any links. Most invitations will advise you of the contact who has sent the invite to you. If you are the only name in the email, please delete it.
An easy way to tell if the email is spam or a phishing attack (where malicious users attempt to obtain your login credentials) is to check the email address it is sent from. For example, if you received a legitimate email from the government, it would look like user@gov.uk. A spam email might look like user@go.v.u.com.
The email address is displayed as: Zoom.Video.Communications.user.name.info.oomvideoconference-communications@o.pfr.orbufw.com
Preventing Phishing Attacks
Trained and aware employees are critical to securing an organization, and an effective, ongoing internal security awareness program can help reduce your company’s vulnerability, turning the “weakest link” in your cyber defences into its greatest strength.
Phishing has become very sophisticated and almost undetectable, as criminals have found ways to make their emails as realistic as possible. Phishing simulations test employees on how they would respond to a real-life phishing attack. We can send these mock attacks at staggered times, avoiding the “prairie dog effect” where employees warn one another of the email, for the best measurement of all employees’ awareness. We will track which employees have clicked on a phishing email, who has given away their password and who has ignored the email.
Find The Learning Gap
Once a learning gap is detected, we’ll deliver interactive educational videos to the most susceptible users. This easy-to-understand, short and visually engaging training videos include an online quiz to verify the employee’s retention of the training content. Training can be delivered regularly, to reinforce the importance of every employee’s role in protecting your business.