WebEx users targeted in new phishing campaign

A new phishing campaign designed to harvest Cisco WebEx credentials through a security warning for the application has been discovered by the Cofense Phishing Defense Center (PDC).

Surprisingly, Cisco's own Secure Email Gateway failed to catch this new campaign which was launched at a time when millions of people are working from home using a variety of online platforms and software. Cybercriminals are well aware of this and have begun to exploit trusted brands like WebEx to deliver malicious emails to users.

Video conferencing software has been targeted by attackers in the past, but the rapid influx of remote workers during the global pandemic has given hackers easy prey. Cofense anticipates that there will continue to be an increase in remote work phishing in the months to come.

WebEx phishing campaign

This latest phishing campaign begins with potential victims receiving an email with subject lines such as “Critical Update” or “Alert” from the spoofed address “meetings@webex.com”. The body of the email explains that there is a vulnerability that the user must patch or risk allowing an unauthenticated user to install a “Docker container with high privileges on the system”.

This is quite clever on the part of the hackers, as they have spoofed a legitimate business service and have even included links to a write-up for a legitimate vulnerability tracked as CVE-2016-9223. To make their email more compelling, the linked article uses the same wording as the email.

The attackers have also created a fake URL (https://globalpagee-prod-webex.com/signin) which, at first glance, appears quite similar to the actual Cisco WebEx URL (http://globalpage-prod.webex.com/sigin). However, upon further inspection, it is clear that the spoofed URL contains an extra "e" and uses a dash instead of a period at the end.
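A defender-side check for the lookalike host described above, as an added example that is not part of the original article or Cofense's tooling. The allowlist names (TRUSTED_DOMAINS, KNOWN_HOSTS) and the distance threshold are assumptions; the two URLs it is built around are the ones quoted in the article.

```python
from urllib.parse import urlsplit

# Assumption: the defender maintains these lists for each protected brand.
TRUSTED_DOMAINS = {"webex.com"}
KNOWN_HOSTS = ["globalpage-prod.webex.com"]  # legitimate host named in the article


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance computed with a rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_trusted(host: str) -> bool:
    """True only for a trusted domain itself or a real subdomain of it."""
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


def skeleton(host: str) -> str:
    """Drop separators so swapping '.' for '-' cannot hide the similarity."""
    return host.replace(".", "").replace("-", "")


def classify(url: str, max_distance: int = 2) -> str:
    """Return 'trusted', 'lookalike', 'unknown' or 'invalid' for a link."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if not host:
        return "invalid"
    if is_trusted(host):
        return "trusted"
    # Not under a trusted domain: is it suspiciously close to a known-good host?
    for good in KNOWN_HOSTS:
        if edit_distance(skeleton(host), skeleton(good)) <= max_distance:
            return "lookalike"
    return "unknown"
```

The suffix test in is_trusted requires a leading dot, so a host that merely ends in "-webex.com" or that places "webex.com" in front of another domain is never treated as Cisco's.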

To carry out this attack, the hackers registered a fraudulent domain through Public Domain Registry just a few days before sending out their credential phishing email. They even went as far as to obtain an SSL certificate for their fraudulent domain to make it appear more legitimate. Once again, though, there is a discrepancy, as the official Cisco certificate is verified by HydrantID while the attacker's certificate is through Sectigo Limited.

The phishing page then redirects users to a fake Cisco WebEx login page that is visually identical to the real thing. Once a user logs in, the attackers then have their WebEx credentials which could be sold on the dark web or used to launch additional attacks against them or their organization.

Working from home certainly has its perks but remote workers must remain vigilant to avoid falling victim to this and the many other scams making their way around the internet at the moment.

Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home. 
