Cisco Webex phishing attack wants to steal your logins

(Image credit: wk1003mike / Shutterstock )
Audio player loading…

Cybercriminals have launched a new series of phishing attacks which attempt to steal the account credentials of Cisco Webex (opens in new tab) users by utilizing fake certificate error warnings.

Just as other video conferencing software has seen a huge uptick in usage by remote workers during the pandemic, so to has Cisco's video and team collaboration solution.

So far the campaign, which uses graphics and formatting taken from legitimate Cisco emails to impersonate the company, has already sent out phishing emails to up to 5,000 Webex users according to the email security firm Abnormal Security.

The attackers try to lure in users by inducing a sense of urgency in their phishing emails that are designed to closely resemble the automated SSL certificate error alerts that the company sends out to its customers.

Cisco Webex phishing attack

The phishing emails used in the campaign warn unsuspecting users that they need to verify their accounts as they are blocked by the administrator as a result of Webex Meeting SSL certificate errors. Users are then asked to click on an embedded “Log in” hyperlink in the message and sign in in order to unlock their accounts.

Abnormal Security provided more details on the link contained in the campaign's phishing emails in an advisory (opens in new tab), saying:

“The email includes a SendGrid link that redirects to a WebEx Cisco phishing credentials site hosted at “https://app-login-webex.com/”. The domain of this webpage has been recently registered by a registrar in the Czech Republic, and is not affiliated with Webex or Cisco more broadly. Attackers likely control this website and use it to steal user credential information.”

Once the attackers have obtained a user's Cisco Webex credentials, they could use this compromised account to launch additional attacks within their organization or even target external partners. This attack is particularly dangerous due to how well the phishing campaign has managed to clone Cisco's official emails in order to trick users into giving up their credentials.

Via BleepingComputer (opens in new tab)

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.