Under the guise of receiving monetary compensation "in connection with COVID-19" or for subscribing to the service, users are lured to fraudulent sites where money and Bank card data are stolen
Group-IB has documented a new Zoom scam to steal money and user data. This was reported by the press service of the company.
The study began after users complained about the emails they received from the Zoom service. They offered to get compensation "in connection with COVID-19" and provided a link to fraudulent sites where the victim's money and Bank card details were stolen. Analysts from the Group-IB's Computer Emergency Response Team (CERT-GIB) found that the emails were sent not from a fake domain, but from an official service.
"The thing is that when registering, Zoom offers the user to fill out a profile - specify "First name" and "Last name", providing the ability to insert up to 64 characters in each field. Fraudsters use this opportunity by inserting the phrase: “You are entitled to compensation in connection with COVID-19" and indicate a link to a fraudulent site,” explained the company.
After clicking on the link, users were asked to enter the last 4 or 6 digits of their Bank card number. Fraudsters calculated "compensation" for the user: from 30 thousand to 250 thousand rubles ($385 - $3,200). But to get this money, the victim had to pay a small amount "for legal assistance in filling out the questionnaire" - about 1 thousand rubles ($12). So, users entered card data on such resources, but as a result, they lost both money and Bank card data.
According to the Deputy head of CERT-GIB Yaroslav Kargalev, the Zoom service needs to implement a more thorough verification of the data that the user enters when registering an account, as well as completely prohibit the use of third-party links in the profile. Since the beginning of 2020, CERT-GIB has recorded the appearance of about 15.3 thousand domains containing the name Zoom - the surge in registration occurred during the period of remote work.