Zooming in on Security Threats of using Zoom
In the wake of coronavirus pandemic, Zoom Cloud Meetings has arguably consolidated its position as the top videotelephony and online collaboration software.
With the impact of coronavirus felt deep and wide across countries and continents, demands to identify and adopt videoconferencing and collaboration software have skyrocketed. Social distancing has never been so imaginable before COVID-19 virus managed to kill several thousands in a space of only few months.
At the top of the pack of remote collaboration and videoconferencing software platforms, Zoom Cloud Meetings is currently witnessing a surge in popularity around the world. However, that has not been without its perceived failings. In a spate of moves, governments of US and India, along with those of several other countries, have been quick to issue advisories, circulars, memos and warnings to spread general awareness on Zoom's fallibility insofar as addressing security measures are concerned.
Emails from Hackers claiming to be from Zoom
In an article, dated April 21, 2020, that appeared in the Times of India, readers were made aware of a report from Proofpoint, a cyber security company based in the United States. The TOI article, citing the report published by Proofpoint, has detailed how malicious users can gain access to users' computers by sending three different emails each bearing any of the respective subject lines:
- Zoom Account
- Missed Zoom Meeting
- ServLoader/NetSupport with “[Company] Meeting cancelled - Could we do a Zoom call?”
Users may receive any one or all emails bearing those subject lines.
How to Avoid Taking the Bait
Software embedded in those emails remain harmless and inert so long as users do not attempt to click on any link inside or follow instructions posted by hackers in such emails.
In order not to fall into the trap set by hackers through such emails, users need only to look at the originating email address carefully. The "To:" address field in suspected emails will almost invariably contain an email address that does not end in "@zoom.us".
Images of emails, as examples, have been collected and made available by Proofpoint in its report that it has published on April 19, 2020 and which forms the basis of the TOI article.
What the Proofpoint Report Also States
The TOI article is silent on the fact that the Proofpoint report also highlights a similar issue with Cisco WebEx.
Are We Witnessing Such Cases For the First Time?
These are not isolated cases and has nothing specifically to do with Zoom as a special case. Each year, users everywhere are almost always inundated with emails containing harmful content from hackers. Which is why, almost all leading internet email providers have spam filters, and virus or Trojan-removal systems in place to protect users.
In the case of Zoom, its rising popularity has also caused the ranks of hackers, detractors and critics to swell.