Computer Security: Telecompromised

The number one vector for getting your computer compromised, your password disclosed, your data exposed and your digital life screwed up is social engineering, i.e. manipulating you into trusting an e-mail, a web URL or an attachment, and luring you into clicking on a malicious link. One click and it's game over!

Indeed, we have covered the risk of browsing the web (remember "STOP - THINK - DON'T CLICK"?), malware and drive-by downloads as well as phishing in various recent Bulletin issues. In many cases, the primary attack vector boils down to convincing you to click on a malicious link (or open a malicious attachment). In today's teleworking world, a nice new evil path opens up: malicious video-conferencing invitations…

Collaboration in teleworking times requires us to use one or more different video conferencing tools. Skype. WebEx. Teams. Vidyo. Zoom. You name it. Scheduling of the corresponding meetings usually proceeds via e-mail and calendar invitations, like the one below. Looks familiar, no?


As with any other e-mail, the ultimate truth of this calendar invitation depends on many factors: the sender's name, the sender's e-mail address, whether or not the e-mail has been digitally signed, the message text and contents, typos, language, social hook and level of intimacy, etc. If this overall "package" looks reasonable to you, you will trust its contents and follow up. And if this is a sophisticated, carefully crafted but evil message, you might fall for the trap and click the malicious link. Check the example above again! The link is indeed malicious and the meeting is not on CERN's default Zoom instance at cern.zoom.us… Instead, the link leads you to cern.zoom-us.aws-e4dfa2f4.com, which has nothing to do with either Zoom or CERN, and which might not even host teleconferencing software, but is solely intended to infect and compromise your device. With just a few clicks: game over!
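The hostname comparison described above can be automated. The following is an added example, not part of the original article: it extracts the host a meeting link really points to and compares it exactly against the expected one. The function names, the allowlist and the meeting paths are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the only meeting host expected, taken from the article's text.
TRUSTED_HOSTS = {"cern.zoom.us"}


def link_host(url: str) -> str:
    """Return the lowercase host a browser would connect to, or '' if unparsable."""
    try:
        host = urlsplit(url).hostname or ""
    except ValueError:          # e.g. malformed bracketed IPv6 literal
        return ""
    return host.rstrip(".")     # "cern.zoom.us." and "cern.zoom.us" are the same host


def _squash(name: str) -> str:
    """Drop the separators that lookalike names shuffle around ('.' and '-')."""
    return name.replace(".", "").replace("-", "")


def classify_meeting_link(url: str, trusted=frozenset(TRUSTED_HOSTS)) -> str:
    """Classify a meeting URL as 'trusted', 'lookalike' or 'unknown'."""
    host = link_host(url)
    if not host:
        return "unknown"
    # Exact match on the full hostname: a shared prefix proves nothing,
    # because ownership is decided by the rightmost labels of the name.
    if host in trusted:
        return "trusted"
    # Not the expected host, yet it spells out a trusted name once the
    # separators are ignored: flag it instead of treating it as merely unknown.
    if any(_squash(good) in _squash(host) for good in trusted):
        return "lookalike"
    return "unknown"


if __name__ == "__main__":
    # Constructed sample links; hostnames 1 and 2 are the ones named in the article.
    samples = [
        "https://cern.zoom.us/j/0000000000",
        "https://cern.zoom-us.aws-e4dfa2f4.com/j/0000000000",
        "https://meet.example.org/room/42",
    ]
    for url in samples:
        print(f"{classify_meeting_link(url):10} {link_host(url)}")
```

A "lookalike" verdict is a heuristic signal for closer inspection; only the exact match counts as the expected meeting host.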
