Skip to main content

New phishing campaign spoofs WebEx to target remote workers

(Image credit: Image Credit: wk1003mike / Shutterstock)

Cybersecurity companies and governments across the globe have warned that hackers are highly likely to take advantage of the influx of remote workers. Cybersecurity researchers from Cofense have now uncovered a real-life example.

Researchers have identified a phishing campaign in which criminals attempt to trick Cisco WebEx users into giving away their login credentials. The hackers lure victims with an email subject line such as “Critical Update” or “Alert” and spoofed address meetings[@]webex[.]com.

The content of the email and the links within are reportedly “eerily similar” to legitimate communications. Users that click on the link are transported to a website “identical to the legitimate Cisco WebEx login page” with no visual difference to the original one.

Having provided their login credentials, victims are then redirected to the official  WebEx download page - a measure designed to conceal the tracks of the cybercriminals responsible.

At the time of writing, the fraudulent domain is still operational, showing an open directory with files used by the criminals as part of the attack.

“With many organisations quickly adopting remote working policies, threat actors are poised to continue to spoof brands that facilitate virtual collaboration and communication, such as teleconferencing tools and cloud solutions,” Cofense concludes.