UC Roundup: Zoom Phishing Scam, Broadvoice Data Leak


A new Zoom phishing scam and a Broadvoice data leak are the latest examples of cyber risks to UC users amid the COVID-19 pandemic.

SlashNext brought to our attention the new Zoom phishing scam. It is perpetuated by the rise in remote workers due to COVID-19.

In the Zoom phishing scam, bad actors pose as Zoom corporate. They send emails saying all users must verify their email addresses by clicking a button labeled “Activate Now.”

Once clicked, the button takes users to a known phishing/fake website, which instructs them to log in with their Zoom credentials. The attacker then has access to the victim's Zoom account, meetings and participant email addresses.

When contacted, Zoom sent us the following statement:

“Zoom users across all services and technology platforms should be cautious with emails, links or files received from unknown senders. Users should take care to only click on authentic links or open attachments to known and trusted service providers. Zoom users should be aware that links to our platform will only ever have a or domain name. Prior to clicking on a link, they should carefully review the URL, being mindful of lookalike domain names and spelling errors.”

In addition to the Zoom phishing scam, a recent Broadvoice data leak exposed 350 million records. Anyone could view the information with no authentication required for access. Many of the records included personal details and voicemail transcripts of Broadvoice clients’ customers.

The customer records are related to Broadvoice’s b-hive cloud-based communications suite.

The data leak was discovered by Comparitech researchers. They said the data included caller names, phone numbers and locations, among other data. One database included transcriptions of hundreds of thousands of voicemails. Many involved sensitive information such as details about medical prescriptions and financial loans.

The cluster included around 10 collections, the largest of which held more than 275 million records.

Rebecca Rosen is Broadvoice’s vice president of marketing.

“During a call log database upgrade, the data was stored in an inadvertently unsecured storage service on Sept. 28 until Oct. 2 when it was secured,” she said. “We alerted affected customers on Oct. 15.”

An investigation is ongoing, Rosen said. And there’s no evidence of any unauthorized acquisition of the data except by Comparitech.

It appears that the security researcher sampled a small number of records for the purpose of demonstrating the issue, Rosen said. Those records include contact information for a limited number of customers, as well as a small number of call detail records and voicemail transcriptions.

Broadvoice will notify customers whose data was in the records acquired by the researcher when its investigation is complete, Rosen said. Furthermore, it will provide information about the event.

“Additionally, we are reinforcing our …
