

Rewterz Threat Alert – AZORult Trojan – IOCs
May 11, 2020
Rewterz Threat Alert – Poulight Stealer
May 12, 2020
Severity
Medium
Analysis Summary
This is another phishing campaign that attempts to get users to give up their WebEx credentials. The initial email claims that there is an SSL certificate issue related to WebEx that requires the user to log in and verify their account. The body of the email appears professional and uses the WebEx logo to reinforce its legitimacy. Additionally, a SendGrid link is used to hide the true destination URL. If a user clicks the link, they are redirected to a domain with an SSL certificate and web meeting theme rather than the actual WebEx domain. The landing page appears to be a copy of the real WebEx login page. The first page asks only for the user's email address, while the second also requests their password. To avoid raising suspicion, the victim is redirected to the legitimate WebEx login page after the attacker has captured the credentials. The researchers note that they were able to find an open directory hosted on the attacker's server containing the files that generate the fake webpage.
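A mail-triage check built from the traits described above (WebEx branding, a sender outside the WebEx domain, and a login link hidden behind a SendGrid redirect), given as an added example that is not part of the original alert. The allowed domain `webex.com`, the `sendgrid.net` host suffix, the reason labels and both sample messages are assumptions constructed for illustration.

```python
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

BRAND = "webex"                  # brand impersonated in this alert
BRAND_DOMAINS = ("webex.com",)   # assumption: legitimate WebEx domain(s) to allow
REDIRECTORS = ("sendgrid.net",)  # assumption: suffix of SendGrid click-tracking hosts

class Links(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hrefs.append(href)

def in_domains(host, domains):
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

def triage(raw):
    """Return the reasons a brand-themed message matches this campaign's traits."""
    msg = message_from_string(raw, policy=policy.default)
    part = msg.get_body(preferencelist=("html", "plain"))
    body = part.get_content() if part else ""
    name, addr = parseaddr(str(msg.get("From", "")))
    text = " ".join([name, str(msg.get("Subject", "")), body]).lower()
    if BRAND not in text:
        return []                # not brand-themed, out of scope for this check
    reasons = []
    if not in_domains(addr.rpartition("@")[2], BRAND_DOMAINS):
        reasons.append("sender-domain-not-brand")
    parser = Links()
    parser.feed(body)
    for href in parser.hrefs:
        host = urlparse(href).hostname
        if in_domains(host, REDIRECTORS):
            reasons.append("link-hidden-behind-redirector")
        elif not in_domains(host, BRAND_DOMAINS):
            reasons.append("link-to-non-brand-host")
    return reasons

# Constructed sample messages (not taken from the campaign).
PHISH = ('From: "WebEx Support" <support@mail.example.net>\n'
         'Subject: SSL certificate issue\nContent-Type: text/html\n\n'
         '<p>Log in to verify your WebEx account.</p>'
         '<a href="https://u0000000.ct.sendgrid.net/ls/click?upn=X">Log in</a>')
LEGIT = ('From: "WebEx" <noreply@webex.com>\nSubject: Your meeting\n'
         'Content-Type: text/html\n\n<a href="https://www.webex.com/">WebEx</a>')
```

A redirector link on its own is common in legitimate bulk mail, so the reasons are meant to be combined as triage signals rather than used as a block rule.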

Affected Vendors
WebEx
Remediation
- Always be suspicious about emails sent by unknown senders.
- Never click on the links/attachments sent by unknown senders.