HomesecurityTheft of credentials through false notifications from Cisco Webex

Theft of credentials through false notifications from Cisco Webex

Cisco webex

A new phishing campaign sends to victims false "certificate error" notifications with graphics and form that seem to come from Cisco Webex. The goal is theft of their credentials users.

Cisco Webex offers collaborative solutions to help them users to organize teleconferences, online seminars, online meetings and share their screens with colleagues and friends. THE platform has gained many more users during this time due to unusually increased remote work.

According to statistics released by the company security Abnormal Security, these Phishing emails have already reached inboxes of at least 5.000 targets using Cisco Webex while working remotely.

Phishing pages in domains that look authentic

Attackers evoke a sense of urgency with their phishing messages using graphics and formatting that mimic automatic alerts SSL certificate error, which Cisco Webex would send to them users.

Phishing emails seem to come from the Cisco Webex team and warn the targets that they should verify their accounts, as they have been blocked by the administrator due to Webex Meetings SSL cert errors.

Users are then asked to click on one built-in “Login” link, which will allow them to log in and unlock their accounts.

Cisco webex

"Phishing email includes a SendGrid link that redirects users to one Phishing WebEx Cisco site, hosted at https: // app-login-webex [.] Com ”, said Abnormal Security researchers.

"The domain of this page was recently registered by someone on The Czech Republic and is not affiliated with Webex or Cisco ”.

If users put their credentials on the phishing page, they will be sent to one server controlled by hackers.

"The attacker could use the compromised user account to carry out other attacks within the organization and on external collaborators," the researchers explained.

Emails and alerts look very compelling, so they could bypass at least some Secure Email Gateways' (SEGs) protections and persuade many of the targets to visit the phishing page.

Many platforms that allow remote collaboration and communication have been targeted. hackers this period.

Recently, fake notifications were sent Microsoft Teams. The goal was to steal Office 365 credentials.

What makes them attacks Even more dangerous is the fact that users are already receiving a lot of notifications from various online collaboration services, so it's easy to get confused.

Digital fortress
Pursue Your Dreams & Live!