A phishing campaign is targeting WebEx users who are working from home by spoofing IT security alerts, according to security researchers.

Details of the scheme were first outlined in a report from the Cofence Phishing Defense Center. According to the report, hackers were managing to bypass the Secure Email Gateway offered by Cisco, which also makes WebEx. The report said remote workers are receiving email messages from an address designed to look like “[email protected][.]com.” The messages contain subject lines such as “Alert!” or “Critical Update.”

If they click on a link in the messages, the phishing campaign takes users to what looks like a legitimate WebEx login page, where they are asked to type in their credentials.

Strategically Written Email Copy

Even if a WebEx user isn’t overly concerned by the subject line, they might be tempted to click through when they read the body of the message.

The email copy tries to raise the recipient’s fears by warning about a phony software vulnerability that requires them to update their WebEx software. Failure to do so, the message warns, will allow third parties to install a “Docker container with high privileges on the system” even if they’re not authenticated.

To make the whole thing appear believable, the phishing message references a real Common Vulnerabilities and Exposures (CVE) number and embeds a link with similar wording to the body copy. Even hovering over the “Join” button looks like an actual Cisco WebEx URL.

Protect Your Workforce From Phishing Threats

Although the cybercriminals behind the campaign were able to replicate the overall look and feel of a WebEx page, researchers noticed there is at least one way to spot the potential risk. Anyone who types in their username on the bogus landing page will immediately be asked for their password, however, longtime WebEx users will know that the real service will search for associated accounts as part of a verification process before asking for a password.

As recent research from IBM X-Force pointed out, 84 percent of advanced persistent threat (APT) groups they track use spear phishing as a primary attack vector. Given the number of employees now working from home, offering security awareness training and keeping users up to date on the latest threat intelligence is essential to safeguard critical data.

More from

Data Privacy: How the Growing Field of Regulations Impacts Businesses

The proposed rules over artificial intelligence (AI) in the European Union (EU) are a harbinger of things to come. Data privacy laws are becoming more complex and growing in number and relevance. So, businesses that seek to become — and stay — compliant must find a solution that can do more than just respond to current challenges. Take a look at upcoming trends when it comes to data privacy regulations and how to follow them. Today's AI Solutions On April…

Why Zero Trust Works When Everything Else Doesn’t

The zero trust security model is proving to be one of the most effective cybersecurity approaches ever conceived. Zero trust — also called zero trust architecture (ZTA), zero trust network architecture (ZTNA) and perimeter-less security — takes a "default deny" security posture. All people and devices must prove explicit permission to use each network resource each time they use that resource. Using microsegmentation and least privileged access principles, zero trust not only prevents breaches but also stymies lateral movement should a breach…

5 Golden Rules of Threat Hunting

When a breach is uncovered, the operational cadence includes threat detection, quarantine and termination. While all stages can occur within the first hour of discovery, in some cases, that's already too late.Security operations center (SOC) teams monitor and hunt new threats continuously. To ward off the most advanced threats, security teams proactively hunt for ones that evade the dashboards of their security solutions.However, advanced threat actors have learned to blend in with their target's environment, remaining unnoticed for prolonged periods. Based…

Third-Party App Stores Could Be a Red Flag for iOS Security

Even Apple can’t escape change forever. The famously restrictive company will allow third-party app stores for iOS devices, along with allowing users to “sideload” software directly. Spurring the move is the European Union’s (EU) Digital Markets Act (DMA), which looks to ensure open markets by reducing the ability of digital “gatekeepers” to restrict content on devices. While this is good news for app creators and end-users, there is a potential red flag: security. Here’s what the compliance-driven change means for…