New Phishing Scheme Targets Employees Using Web Conferencing Software

The pandemic has meant increased use of video conferencing software to conduct meetings and manage remote teams. Unfortunately, managing security with remote teams is a challenge as businesses have less control over the activities and quality of security systems on individual devices. Cybercriminals have now found a new and innovative way to compromise the bank accounts of employees using video conferencing systems. Here is what you need to know and what you need to do to protect yourself:

How the Scam Works

Business email compromise (BEC) attacks are a form of cyber fraud in which the victim is convinced to transfer funds to an account that appears to belong to the CEO or someone else inside the company. BEC is a type of phishing attack, or spear phishing to be more exact.

Companies that conduct wire transfers and have a global supply network are most at risk. 

The attack occurs when the phisher attempts to look like someone in authority in the organization and tries to convince the victim to send money to them in what looks like a legitimate business transaction. They also use video chatting to try to impersonate upper-level executives in the company.

For example, you may be in a legitimate meeting with your team or organization using software like Zoom when you receive a private message that looks legitimate, asking you to wire money or send payment to a customer. Supposedly, the message is from a real person in your organization who has had difficulty doing this through their own bank for some reason. You think this is your boss asking, and it can be difficult to say no, but be very cautious: the person in the chat might not actually be your boss, but someone who has gained illegitimate access to the meeting.

If you send money to the scammer, they now have access to your information and can steal your identity. This scam is similar to email and website spoofing scams that have been around for a long time, but video conferencing gives cybercriminals a new avenue for their old tricks.

Rise of BEC Attacks

According to the FBI, the number of BEC attacks using video conferencing has been on the rise since 2019. In 2020, the FBI estimated that BEC attacks caused over $1.8 billion in losses. This figure is more than 64 times higher than the amount paid to ransomware gangs.

In one version of the attack, the hacker will break into the email account of the CEO, CFO, or another executive and then send an email to you and others asking you to attend an important virtual meeting. The attackers are so sophisticated that some of them even use AI-created deepfake audio to sound like the real CEO. All they need is a small sound bite of the person to create this deepfake, and some of them are difficult to tell from the real thing.

Sometimes, they will insert a still picture of the CEO in addition to the deepfake audio. Then, the hacker will instruct employees to transfer funds via the virtual meeting platform chat or in a follow-up email. The bottom line is that if you are in a virtual meeting and something doesn't look or sound right, be suspicious.

What You Can Do

As with many forms of phishing, the best thing you can do is to be informed and stay alert. If you receive an email or message during a virtual meeting asking you to send money, it’s a good idea to verify the identity of the person. Be on the lookout for hyperlinks that contain misspellings of the company or CEO name, plural forms, hyphenated forms, and other common tricks.
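The lookalike tricks named above (misspellings, plural forms, hyphenated forms) can also be checked mechanically. The following Python code is an added example, not part of the original article: it pulls links out of a chat or email message and flags hosts that imitate the company domain. The domain northwind.example, the sample message and all function names are constructed for illustration, and the check for the same name under a different top-level domain goes one step beyond the list above.

```python
import re
from urllib.parse import urlsplit

LEGIT_DOMAIN = "northwind.example"  # constructed company domain (assumption)
# Constructed chat message: one real link and three lookalikes.
SAMPLE = ("Please approve the wire at https://north-wind.example/pay today. "
          "Meeting link: https://meet.northwind.example/j/123 "
          "Invoice: https://northwinds.example/inv http://northwlnd.example/x")

def edit_distance(a, b):
    """Levenshtein distance using two rows of the dynamic-programming table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(host, legit=LEGIT_DOMAIN):
    """Return the trick a lookalike host uses, or None for the real domain, its
    subdomains and unrelated hosts. Assumes name.tld (no public-suffix list)."""
    domain = ".".join(host.lower().rstrip(".").split(".")[-2:])
    if domain == legit:
        return None
    name, legit_name = domain.split(".")[0], legit.split(".")[0]
    if name == legit_name:
        return "different top-level domain"
    if name.replace("-", "") == legit_name:
        return "hyphenated form"
    if name in (legit_name + "s", legit_name + "es"):
        return "plural form"
    # Allow fewer typos for short names to limit false positives.
    if edit_distance(name, legit_name) <= (1 if len(legit_name) <= 5 else 2):
        return "misspelling"
    return None

def flag_links(message, legit=LEGIT_DOMAIN):
    """List (host, reason) for every http(s) link in a message that imitates legit."""
    findings = []
    for url in re.findall(r"https?://[^\s<>\"']+", message):
        try:
            host = urlsplit(url).hostname or ""
        except ValueError:  # malformed URL, e.g. an unclosed IPv6 bracket
            continue
        reason = classify(host, legit)
        if reason:
            findings.append((host, reason))
    return findings
```

Calling `flag_links(SAMPLE)` reports the three lookalike hosts and leaves the genuine meeting link unflagged.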

Another form of the attack is to break into an employee’s email and use it to collect information about the company’s daily operations. That's why it is important to use good cyber safety practices like:

  • Never sharing passwords

  • Using strong passwords and two-factor authentication

  • Not leaving your screen open when not at your computer

  • Being aware when using public Wi-Fi

  • Using a VPN when on a public network

  • Using malware detection and keeping it updated

The final suggestion for staying safe and avoiding these scams is to verify that everything is legitimate whenever someone asks you to send them money. If the request is truly legitimate, the person will probably appreciate you taking the extra step to protect yourself and the company from a cybercrime. Cybercriminals are clever and continually devise new ways to separate you from your hard-earned money. That’s why it is important to stay informed and be cautious.

At Perspective Omni Media, we provide cybersecurity solutions in New York City and beyond. Contact Perspective Omni Media about implementing a plan for your small or medium-sized business that can protect you and your clients' data.