Light Dark
April 15, 2020 By Shane Schick 2 min read

A phishing campaign is targeting WebEx users who are working from home by spoofing IT security alerts, according to security researchers.

Details of the scheme were first outlined in a report from the Cofence Phishing Defense Center. According to the report, hackers were managing to bypass the Secure Email Gateway offered by Cisco, which also makes WebEx. The report said remote workers are receiving email messages from an address designed to look like “meetings@webex[.]com.” The messages contain subject lines such as “Alert!” or “Critical Update.”

If they click on a link in the messages, the phishing campaign takes users to what looks like a legitimate WebEx login page, where they are asked to type in their credentials.

Strategically Written Email Copy

Even if a WebEx user isn’t overly concerned by the subject line, they might be tempted to click through when they read the body of the message.

The email copy tries to raise the recipient’s fears by warning about a phony software vulnerability that requires them to update their WebEx software. Failure to do so, the message warns, will allow third parties to install a “Docker container with high privileges on the system” even if they’re not authenticated.

To make the whole thing appear believable, the phishing message references a real Common Vulnerabilities and Exposures (CVE) number and embeds a link with similar wording to the body copy. Even hovering over the “Join” button looks like an actual Cisco WebEx URL.

Protect Your Workforce From Phishing Threats

Although the cybercriminals behind the campaign were able to replicate the overall look and feel of a WebEx page, researchers noticed there is at least one way to spot the potential risk. Anyone who types in their username on the bogus landing page will immediately be asked for their password, however, longtime WebEx users will know that the real service will search for associated accounts as part of a verification process before asking for a password.

As recent research from IBM X-Force pointed out, 84 percent of advanced persistent threat (APT) groups they track use spear phishing as a primary attack vector. Given the number of employees now working from home, offering security awareness training and keeping users up to date on the latest threat intelligence is essential to safeguard critical data.

 |  |  |  |  |  |  |  | 
Shane Schick
Writer & Editor

More from

May 17, 2024

How a new wave of deepfake-driven cybercrime targets businesses

5 min read - As deepfake attacks on businesses dominate news headlines, detection experts are gathering valuable insights into how these attacks came into being and the vulnerabilities they exploit.Between 2023 and 2024, frequent phishing and social engineering campaigns led to account hijacking and theft of assets and data, identity theft, and reputational damage to businesses across industries.Call centers of major banks and financial institutions are now overwhelmed by an onslaught of deepfake calls using voice cloning technology in efforts to break into customer…

May 16, 2024

Grandoreiro banking trojan unleashed: X-Force observing emerging global campaigns

16 min read - Since March 2024, IBM X-Force has been tracking several large-scale phishing campaigns distributing the Grandoreiro banking trojan, which is likely operated as a Malware-as-a-Service (MaaS). Analysis of the malware revealed major updates within the string decryption and domain generating algorithm (DGA), as well as the ability to use Microsoft Outlook clients on infected hosts to spread further phishing emails. The latest malware variant also specifically targets over 1500 global banks, enabling attackers to perform banking fraud in over 60 countries…

May 15, 2024

New cybersecurity sheets from CISA and NSA: An overview

4 min read - The Cybersecurity and Infrastructure Security Agency (CISA) and National Security Agency (NSA) have recently released new CSI (Cybersecurity Information) sheets aimed at providing information and guidelines to organizations on how to effectively secure their cloud environments.This new release includes a total of five CSI sheets, covering various aspects of cloud security such as threat mitigation, identity and access management, network security and more. Here's our overview of the new CSI sheets, what they address and the key takeaways from each.Implementing…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature