According to the FBI, scammers are using fake video meetings to steal your money. No more scams restricted to business email compromise, virtual meeting tools like Microsoft Teams and Zoom which are widely used to collaborate via video are being targeted by scammers.
While email phishing relies on fake, spoofed, or compromised email domains to relay messages to targets with an intention to fool the victims into transferring money. These are simple scams peppered with cleverly constructed plans to lure victims into falling prey to the email. According to the FBI, cybercrime via email phishing has amounted to nearly $1.8 billion in 2020.
According to the FBI’s Internet Crime Center (IC3), there has been a surge in BEC scams using video meetings between 2019 and 2021. This is a period where the world switched over to video meetings in a bid to adjust to the COVID-19 pandemic and remote working.
With meetings requiring physical presence unlike in the case of email where you type text, it may not seem to be an obvious medium of getting scammed. Though when used in combination with email the video scam works which the attackers are using to embed themselves into trusted video conversation.
The FBI said, “Criminals began using virtual meeting platforms to conduct more BEC-related scams due to the rise in remote work because of the COVID-19 pandemic, which caused more workplaces and individuals to conduct routine business virtually.”
According to the FBI, the attacker compromises employee emails and “inserts themselves in workplace meetings via virtual meeting platforms to collect information on a business’s day-to-day operations.”
Additionally, they can also break an employer’s email, like the CEOs, and send spoofed emails to employees “instructing them to initiate transfers of funds, as the CEO claims to be occupied in a virtual meeting and unable to initiate a transfer of funds via their own computer.”
They can also participate in video meetings and proceed to instruct employees to initiate transfers of funds via the virtual meeting platform chat or in a follow-up email.
How to avoid getting scammed with fake video meetings?
- Avoid using outside virtual meeting platforms not normally utilized in your internal office setting.
- Always use secondary channels or two-factor authentication to verify requests for changes in account information.
- Ensure the URL in emails is associated with the business/individual it claims to be from.
- Be alert to hyperlinks that may contain misspellings of the actual domain name.
- Refrain from supplying log-in credentials or personal information of any sort via email.
- Verify the email address used to send emails, especially when using a mobile or handheld device, by ensuring the sender’s address appears to match who it is coming from.
- Ensure the settings in employees’ computers are enabled to allow full email extensions to be viewed.
- Monitor your personal financial accounts on a regular basis for irregularities, such as missing deposits.
Hackers of GiveSendGo Breach Leak Names, Personal Details of Donors to ‘Freedom Convoy’ Protest
ShadowPad Malware Attacks Shows Links with Chinese Ministry and PLA
Crypto Hackers Steal $36 Million from Retirement Accounts