Cisco Webex offers collaborative solutions to help them users to organize teleconferences, online seminars, online meetings and share their screens with colleagues and friends. THE platform has gained many more users during this time due to unusually increased remote work.
Phishing pages in domains that look authentic
Attackers evoke a sense of urgency with their phishing messages using graphics and formatting that mimic automatic alerts SSL certificate error, which Cisco Webex would send to them users.
Phishing emails seem to come from the Cisco Webex team and warn the targets that they should verify their accounts, as they have been blocked by the administrator due to Webex Meetings SSL cert errors.
Users are then asked to click on one built-in “Login” link, which will allow them to log in and unlock their accounts.
"The domain of this page was recently registered by someone on The Czech Republic and is not affiliated with Webex or Cisco ”.
If users put their credentials on the phishing page, they will be sent to one server controlled by hackers.
"The attacker could use the compromised user account to carry out other attacks within the organization and on external collaborators," the researchers explained.
Emails and alerts look very compelling, so they could bypass at least some Secure Email Gateways' (SEGs) protections and persuade many of the targets to visit the phishing page.
Many platforms that allow remote collaboration and communication have been targeted. hackers this period.
Recently, fake notifications were sent Microsoft Teams. The goal was to steal Office 365 credentials.
What makes them attacks Even more dangerous is the fact that users are already receiving a lot of notifications from various online collaboration services, so it's easy to get confused.