My wife (Kim) was helping with a rather large, mostly public Zoom event with speakers and such. To get into the event you needed a password, but this was not particularly hard to obtain as it was pretty close to completely open as a community event.
This may be a well-known attack vector, but it was news to me. TL;DR – Phishing, pretending to be someone who is currently in the meeting / speaking.
As presenters were presenting and the facilitators were facilitating and answering questions in chat, someone noticed there was a person with the same name as them in the meeting. Odd, but they disappeared and not much was thought of it for the next hour or so (this was an 8-hour-long multi-speaker megaZoom).
A while later another of the facilitators noticed that the presenter was up and there were two people in the conference now with the name of the presenter. The duplicate person changed their name as soon as it was discovered (it was not called out; the name change at the time someone was looking was probably just a coincidence), and the facilitators all started looking through the list of attendees (which I gathered numbered in the hundreds) for anyone with the name of the presenters or facilitators.
When the person changed their name to one of the facilitator’s names and it was caught, they got booted.
What we suspect was happening was this person was hitting up various attendees via direct message claiming to be one of the facilitators or speakers in an attempt to get information. Phishing plot live by DM impersonating someone who was there and had spoken during the meeting. Do you have any reason to doubt that Person A who just spoke in this Zoom session is the person who just messaged you? Probably not.
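The manual scan of the attendee list described above can be automated. The following is an added example, not part of the original post: it assumes a hypothetical feed of join/rename events as `(timestamp, participant_id, display_name)` tuples and a roster of presenter and facilitator names; the IDs, names and events are constructed sample data, not Zoom API output.

```python
import unicodedata

def normalize(name):
    # NFKC folds fullwidth/compatibility characters, casefold ignores case,
    # split/join collapses padding. Cross-script homoglyphs (e.g. Cyrillic
    # letters that look Latin) are NOT caught here; that needs a confusables table.
    folded = unicodedata.normalize("NFKC", name).casefold()
    return " ".join(folded.split())

def find_impersonators(protected, events):
    """Flag any participant whose display name matches a protected name
    they do not own. Returns (timestamp, participant_id, shown, real_name)."""
    owners = {normalize(n): pid for pid, n in protected.items()}
    alerts = []
    for ts, pid, shown in events:
        owner = owners.get(normalize(shown))
        if owner is not None and owner != pid:
            alerts.append((ts, pid, shown, protected[owner]))
    return alerts

# Constructed roster: participant IDs of the real presenter and facilitator.
PROTECTED = {"p-001": "Alex Moreno", "p-002": "Dana Rivera"}

# Constructed join/rename events for illustration.
EVENTS = [
    ("10:02", "p-001", "Alex Moreno"),        # the real facilitator
    ("10:02", "p-417", "Alex Moreno"),        # same name, different person
    ("11:15", "p-417", "ＤＡＮＡ   rivera"),   # fullwidth letters and padding
    ("11:16", "p-417", "Guest"),              # renamed away once noticed
    ("11:40", "p-417", " alex moreno"),       # back to a facilitator's name
    ("11:41", "p-230", "Sam Ortiz"),          # ordinary attendee
]

if __name__ == "__main__":
    for ts, pid, shown, real in find_impersonators(PROTECTED, EVENTS):
        print(f"{ts} {pid} is showing as {shown!r}, impersonating {real}")
```

Checking on every rename event, rather than only on join, matters here because the duplicate account in the story switched names mid-meeting.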