Zoom users complained that they received messages about the issuance of compensation “in connection with COVID-19” or for a server subscription. Group-IB experts have uncovered a new scheme for stealing money.
Image taken from: Рixabay
In order for the user to allegedly receive a “payment”, he had to click on the link of the site indicated in the message from Zoom, and after the person was redirected to other resources. There, attackers stole card data and money. SMS did not raise suspicions, because they came from the official address of the company. As it turned out, the scammers used Zoom registration, which allowed each profile field to be filled in 64 characters. This is where phrases about compensation in connection with the covid were inserted, where a link to another site was attached. In addition, after registering, Zoom usually invites each user to invite up to 10 friends or acquaintances, indicating their mailing address. So the attackers registered and made invitations to potential victims, and someone fell for the trick.
People were asked to enter some numbers on their cards, and then the “due payment” was calculated up to 250 thousand rubles. Before receiving compensation, the user had to pay for the assistance of lawyers in filling out the questionnaire – this is about a thousand rubles. This is where the fraudsters received the name of the card holder, its number, term and, most importantly, the CVV code.
Group-IB experts warned Zoom about scammers.