April 15, 2020 By Shane Schick 2 min read

A phishing campaign is targeting WebEx users who are working from home by spoofing IT security alerts, according to security researchers.

Details of the scheme were first outlined in a report from the Cofence Phishing Defense Center. According to the report, hackers were managing to bypass the Secure Email Gateway offered by Cisco, which also makes WebEx. The report said remote workers are receiving email messages from an address designed to look like “meetings@webex[.]com.” The messages contain subject lines such as “Alert!” or “Critical Update.”

If they click on a link in the messages, the phishing campaign takes users to what looks like a legitimate WebEx login page, where they are asked to type in their credentials.

Strategically Written Email Copy

Even if a WebEx user isn’t overly concerned by the subject line, they might be tempted to click through when they read the body of the message.

The email copy tries to raise the recipient’s fears by warning about a phony software vulnerability that requires them to update their WebEx software. Failure to do so, the message warns, will allow third parties to install a “Docker container with high privileges on the system” even if they’re not authenticated.

To make the whole thing appear believable, the phishing message references a real Common Vulnerabilities and Exposures (CVE) number and embeds a link with similar wording to the body copy. Even hovering over the “Join” button looks like an actual Cisco WebEx URL.

Protect Your Workforce From Phishing Threats

Although the cybercriminals behind the campaign were able to replicate the overall look and feel of a WebEx page, researchers noticed there is at least one way to spot the potential risk. Anyone who types in their username on the bogus landing page will immediately be asked for their password, however, longtime WebEx users will know that the real service will search for associated accounts as part of a verification process before asking for a password.

As recent research from IBM X-Force pointed out, 84 percent of advanced persistent threat (APT) groups they track use spear phishing as a primary attack vector. Given the number of employees now working from home, offering security awareness training and keeping users up to date on the latest threat intelligence is essential to safeguard critical data.

More from

Ransomware payouts hit all-time high, but that’s not the whole story

3 min read - Ransomware payments hit an all-time high of $1.1 billion in 2023, following a steep drop in total payouts in 2022. Some factors that may have contributed to the decline in 2022 were the Ukraine conflict, fewer victims paying ransoms and cyber group takedowns by legal authorities.In 2023, however, ransomware payouts came roaring back to set a new all-time record. During 2023, nefarious actors targeted high-profile institutions and critical infrastructure, including hospitals, schools and government agencies.Still, it’s not all roses for…

What should an AI ethics governance framework look like?

4 min read - While the race to achieve generative AI intensifies, the ethical debate surrounding the technology also continues to heat up. And the stakes keep getting higher.As per Gartner, “Organizations are responsible for ensuring that AI projects they develop, deploy or use do not have negative ethical consequences.” Meanwhile, 79% of executives say AI ethics is important to their enterprise-wide AI approach, but less than 25% have operationalized ethics governance principles.AI is also high on the list of United States government concerns.…

Hive0051 goes all in with a triple threat

13 min read - As of April 2024, IBM X-Force is tracking new waves of Russian state-sponsored Hive0051 (aka UAC-0010, Gamaredon) activity featuring new iterations of Gamma malware first observed in November 2023. These discoveries follow late October 2023 findings, detailing Hive0051's use of a novel multi-channel method of rapidly rotating C2 infrastructure (DNS Fluxing) to deliver new Gamma malware variants, facilitating more than a thousand infections in a single day. An examination of a sample of the lures associated with the ongoing activity reveals…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today