People make the mistake of thinking that scammers only go after computer novices or senior citizens, but the truth is they’re targeting everyone — including working Americans.
There are numerous examples of hackers spreading malware with imposter emails that look like they came from a boss or co-worker. If you aren’t careful, downloading one of these malicious attachments can infect your computer.
Since so many workers are using Zoom during the pandemic, scammers mention the video conferencing service as part of a scary new tactic. If you get a Zoom invite that doesn’t seem right, be careful: It could be the opening volley of a cyberattack.
That Zoom message isn’t what you think it is
An unusual scam targeting American workers is invoking Zoom to trick people into visiting phishing websites. The Better Business Bureau’s outline of the scam explains that these sites are dangerous places to visit and that some of them can even download malware to your computer without you noticing.
Here’s how the scam works: Victims will get an email, text or social media message that looks like it comes from Zoom itself. The message will claim that the victim either missed an important meeting or had their account suspended and that the only way to make things right is to click the attached link.
Clicking on the link takes victims to a site that looks like an official login page for Zoom. In reality, it’s a spoofed site that will steal your account credentials the moment you log in.
And if you share your password with any other accounts, the hackers behind this scam will be sure to try it on several websites.
Fortunately, the scam is pretty easy to spot. If you know exactly what to look for and avoid responding, it can’t hurt you at all. Here are a few security tips the BBB wants you to keep in mind:
- Double-check the sender’s information. Zoom.com and Zoom.us are the only official domains for Zoom. If the sender’s email looks similar but doesn’t quite match, that’s a red flag for a scam.
- Never click on links from unsolicited emails. Classic phishing scams require victims to click on a link or file attachment to work. If you get an unknown email with a link or attachment and avoid opening it, the scam can’t affect you.
- Resolve issues directly. If you get an email or message from a company like Zoom and can’t tell if it’s real, you can always reach out to the company directly and find out more information. Visit the official website of the company you’re trying to get in touch with and look for a “Contact” page for direct phone numbers and email addresses. There’s no need to rely on a middleman that can potentially scam you.
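The first tip can be automated by a mail filter or help desk. The following is an added example, not code from the BBB or Zoom: it checks the sender address and every link against the two official domains named above, and the function names and sample messages are constructed for illustration.

```python
from email.utils import parseaddr
from urllib.parse import urlsplit

# The two domains the article names as official for Zoom.
OFFICIAL = ("zoom.com", "zoom.us")

def _is_official(host: str) -> bool:
    """True only for an official domain or a subdomain of one."""
    host = host.strip().rstrip(".").lower()
    return any(host == d or host.endswith("." + d) for d in OFFICIAL)

def sender_is_official(from_header: str) -> bool:
    """Check the domain of the address itself, never the display name."""
    _, addr = parseaddr(from_header)
    if addr.count("@") != 1:
        return False
    return _is_official(addr.rsplit("@", 1)[1])

def link_is_official(url: str) -> bool:
    """Check the host the link really goes to, ignoring any user@ prefix."""
    try:
        parts = urlsplit(url.strip())
        host = parts.hostname
    except ValueError:
        return False
    if parts.scheme not in ("http", "https") or not host:
        return False
    return _is_official(host)

def review(from_header: str, links: list[str]) -> list[str]:
    """Return the red flags found in a message that claims to be from Zoom."""
    flags = []
    if not sender_is_official(from_header):
        flags.append("sender domain is not zoom.com or zoom.us")
    flags += [f"link leaves Zoom: {u}" for u in links if not link_is_official(u)]
    return flags

if __name__ == "__main__":
    # Constructed sample messages, not taken from a real campaign.
    samples = [
        ("Zoom <no-reply@zoom.us>", ["https://us02web.zoom.us/j/123"]),
        ("Zoom <no-reply@zoom.us.account-alerts.example>",
         ["https://zoom.us@login.example/signin"]),
        ("Zoom Video <support@zoorn.us>", ["https://notzoom.us/"]),
    ]
    for sender, links in samples:
        print(sender, "->", review(sender, links) or "no red flags")
```

A matching sender domain only rules out lookalikes; it does not prove the message is authentic, because the From header itself can be forged.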
More pandemic scam emails targeting workers
Zoom isn’t the only tactic that scammers are using against displaced or at-home workers this year. Another bizarre con discovered by researchers at Abnormal Security involves fraudulent “back to work” notices that look just like the real thing.
Phishing emails coming from this campaign spoof victims’ company mail services and look like real internal memos. The goal is to trick the victim into thinking it’s a real message from their boss or company.
The text of the message will claim that the company is planning on returning to the office for work, and the message will include an “HR form” for the victim to sign and fill out. This file, of course, is nothing more than a malicious Office document.
Interacting with the document will lead victims to a site that can steal their login credentials. Researchers fear that this email, unlike other scam campaigns, may have a higher open rate due to how many people are still working from home.
Thankfully, the same rules as above apply to this scam. If you get an email that appears to have come from your company with an attached file, contact HR (or a manager) and confirm the company actually sent it.
Beyond that, use caution when opening any links or emails from unknown senders. At this point in time, it just isn’t worth the risk anymore.