Cybercriminals have launched a new series of phishing attacks which attempt to steal the account credentials of Cisco Webex users by utilizing fake certificate error warnings.
Just as other video conferencing software has seen a huge uptick in usage by remote workers during the pandemic, so to has Cisco’s video and team collaboration solution.
So far the campaign, which uses graphics and formatting taken from legitimate Cisco emails to impersonate the company, has already sent out phishing emails to up to 5,000 Webex users according to the email security firm Abnormal Security.
The attackers try to lure in users by inducing a sense of urgency in their phishing emails that are designed to closely resemble the automated SSL certificate error alerts that the company sends out to its customers.
Cisco Webex phishing attack
The phishing emails used in the campaign warn unsuspecting users that they need to verify their accounts as they are blocked by the administrator as a result of Webex Meeting SSL certificate errors. Users are then asked to click on an embedded “Log in” hyperlink in the message and sign in in order to unlock their accounts.
Abnormal Security provided more details on the link contained in the campaign’s phishing emails in an advisory, saying:
“The email includes a SendGrid link that redirects to a WebEx Cisco phishing credentials site hosted at “https://app-login-webex.com/”. The domain of this webpage has been recently registered by a registrar in the Czech Republic, and is not affiliated with Webex or Cisco more broadly. Attackers likely control this website and use it to steal user credential information.”
Once the attackers have obtained a user’s Cisco Webex credentials, they could use this compromised account to launch additional attacks within their organization or even target external partners. This attack is particularly dangerous due to how well the phishing campaign has managed to clone Cisco’s official emails in order to trick users into giving up their credentials.