Cybercriminals are infiltrating Teams and Zoom meetings and asking unsuspecting employees for money.
The Federal Bureau of Investigation (FBI) in the U.S. said the trend towards remote and hybrid working has enabled hackers to find new ways to scam employees. It warns companies to be aware of how criminals are using virtual meeting platforms to instruct victims to send funds to fraudulent accounts.
The offenders use a scam known as a Business Email Compromise (BEC) to hack, for example, the email address of a finance director or CEO.
An employee is asked via email to participate in a virtual meeting where the criminal inserts a fake picture of a senior executive. There is no audio, or they claim their audio is not working correctly. The manager then instructs the employee to transfer funds using the virtual meeting chat or via a follow-up fake email message.
Hackers are also using other social engineering cyberattacks, such as phishing emails, to steal login details for Microsoft 365, which includes Teams as part of the software package.
The FBI says hundreds of thousands of dollars have been sent to criminals using this kind of scam, which has become popular since 2020 because more people are working from home.
Hacking virtual meetings is also a way to circulate malware into a company system.
Zach Fleming, principal architect at cyber specialists Integrity360, said organisations should ensure their employees can recognise signs of social engineering attacks and implement checks prior to initiating fund transfers.
He said criminals are also hacking Teams and Zoom meetings to listen to private business conversations.
“With people working at home it has become easier for criminals to hack meeting invites and dial into confidential conversations,” he said. “The risk to a business could be high if, for example, it was the finance team talking about sensitive commercial information. If a meeting has many people online at once and people have their cameras off and are on mute, it can be even easier for a criminal to join.”
Fleming’s advice for businesses includes ensuring only the host can admit people to the meeting. He said it is also advisable to have a waiting room to check who is trying to join the meeting, to keep the meeting ID as private as possible and not to share it on too many platforms such as Yammer or Slack.
“Our clients are surprised when we tell them people are hacking Teams meetings and using benign technologies to their advantage,” he said. “It all started at the beginning of the pandemic with students entering online classes to disrupt the teaching. Criminals soon realised the opportunities.”
Charles Brook is a threat intelligence researcher at email security company Tessian and he said there had been an increase in email scams in recent months.
He urged businesses to protect themselves and their employees by raising awareness of the scams that are happening and helping workers to understand how they could become a victim.
“There are security solutions that can alert employees of the potential threats when emails land in their inbox,” he said. “Remind staff to think twice before clicking on a link or downloading an attachment in an email that is requesting money. Check the source and the email header to confirm the originator is legitimate. If employees do receive something unusual, create an easy process for them to share the threat with their security department.”
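The header check Brook describes can be partly automated. The following is an added example, not code from the article or from the companies quoted in it: a Python triage function that reads a raw email and lists reasons to look twice before acting on it. The organisation domain, keyword list and both sample messages are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

ORG_DOMAIN = "example.com"  # assumption: the organisation's own mail domain
PAYMENT_WORDS = re.compile(r"\b(wire|transfer|payment|invoice|bank details)\b", re.I)

def domain_of(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()

def triage(raw_message):
    """Return a list of reasons the message deserves a second look."""
    msg = message_from_string(raw_message)
    findings = []
    from_dom = domain_of(msg["From"])
    reply_dom = domain_of(msg["Reply-To"])
    if from_dom != ORG_DOMAIN:
        findings.append("sender domain %r is not %r" % (from_dom, ORG_DOMAIN))
    if reply_dom and reply_dom != from_dom:
        findings.append("Reply-To goes to a different domain: %r" % reply_dom)
    # Authentication-Results is stamped by the receiving mail server (RFC 8601).
    auth = " ".join(msg.get_all("Authentication-Results") or []).lower()
    for check in ("spf", "dkim", "dmarc"):
        m = re.search(r"\b%s=(\w+)" % check, auth)
        if m is None or m.group(1) != "pass":
            findings.append("%s result: %s" % (check, m.group(1) if m else "missing"))
    body = "" if msg.is_multipart() else msg.get_payload()
    if PAYMENT_WORDS.search((msg["Subject"] or "") + " " + body):
        findings.append("message asks about a payment or transfer")
    return findings

# Constructed sample: look-alike sender domain, diverted replies, failed DMARC.
SUSPICIOUS = """\
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=mailer.example.net; dkim=none; dmarc=fail header.from=examp1e.com
From: "Finance Director" <fd@examp1e.com>
Reply-To: fd.office@example.org
To: employee@example.com
Subject: Urgent transfer after today's call

My audio was not working. Please send the payment today.
"""

# Constructed sample: internal sender that passes every check.
LEGIT = """\
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=example.com; dkim=pass header.d=example.com; dmarc=pass header.from=example.com
From: "Finance Director" <fd@example.com>
To: employee@example.com
Subject: Agenda for Thursday

Slides attached.
"""
```

A message sent from a genuinely compromised executive mailbox would pass these header checks, which is why Fleming's advice to implement checks before initiating fund transfers still applies.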