Research by NordVPN shows that Americans, on average, spend 2 hours and 5 minutes a week making video calls via online meeting platforms like Zoom, Skype, and Microsoft Teams. With those platforms gaining popularity, cybersecurity experts warn users about the dangers of being scammed and infected by malware through them.
“Since the beginning of the Covid-19 pandemic, cybercriminals have been using visual meeting platforms as a new way to reach their victims. This resulted in new attacks that app developers were not ready for, including virtual meetings being disrupted by pornography and hate images, private meetings being made public, and many more serious issues,” Daniel Markuson, a cybersecurity expert at NordVPN, said.
The most recent reports on those cybercrime activities included the FBI public service announcement on February 16, which stated that criminals are using virtual meeting platforms for BEC (business email compromise) scams. Another issue was reported on February 17 by mail security provider Avanan, when hackers were spotted attaching .exe files to Microsoft Teams chats to install a trojan on an unsuspecting user’s device.
Explaining the dangers
A BEC scam is when a criminal hacks a business email account (a CEO’s, for example) to trick other employees into transferring money or giving up important company information. This is not a new issue. Losses related to these types of attacks increased to $1.8 billion in 2020, according to an FBI report (compared to $1.2 billion in 2018).
“The rise is associated with virtual meeting platforms’ usage to perform scams. Instead of sending a phishy email, criminals organise a video call on the hacked person’s end and pursue their colleagues to make money transfers, using deep-fake audio or instructing them via chat,” Markuson explained.
Criminals can also send an email asking employees to make a transaction, stating that the managing employee whose email account they hacked is currently in the meeting and cannot make a payment themselves.
“Malware can also be transferred through the chat section of the visual meeting platform. The biggest issue with these dangers is that there is very little a product developer can do at that point if the user is not well-informed or other points of a person’s communication (email or social media) are not secured in a proper way,” Makuson said.
“Even though many of us typically use virtual calling for work, it is important to stay cautious outside of it as well,” said Markuson, a cybersecurity expert at NordVPN.
To read more exclusive features and latest news please see our February issue here.
Media contact
Rebecca Morpeth Spayne,
Editor, Security Portfolio
Tel: +44 (0) 1622 823 922
Email: editor@securitybuyer.com