Zoom Sophos Utm



Applies to the following Sophos products and versions Sophos UTM What to do Quality of Service (QoS) is a mechanism used to control bandwidth utilization. This article is not a comprehensive explanation of how QoS works, but rather a tutorial on the implementation of QoS on the UTM. The UTM uses four tabs to configure a full QoS implementation.

  • Sophos has a very small crew of people who continue to work on enhancing the UTM. At some point, they had actually stopped enhancing it and the word on the street was that they weren't going to enhance it any more because everybody was going to go over to XG, but they found that 50% of their users were still on the UTM and that was five years after they'd come out with the XG line.
  • Sophos UTM has the capability of providing Quality Of Service (QoS) for the traffic that passes through it. Because QoS is a generic term, let’s start with what it means. Wikipedia defines QoS as: The overall performance of a telephony or computer network, particularly the.

Scammers have turned to employment worries as their latest lure for Zoom phishing scams.

Qos

SophosLabs sent us several examples of spam messages received in the last few days that said, rather worryingly:

Sophos

The subject lines, message layout and meeting descriptions vary slightly, but the basic idea is the same.

To native speakers of English, the wording in both these examples is rather unnatural, and there’s a spelling mistake (perfomance) that you probably wouldn’t expect.

But the implications of the message are clear enough: if you miss this meeting, which is happening right now, you won’t get to fight your corner to keep your job.

As you can imagine, there’s a Zoom-like button to join you to the meeting…

…but if you click it you don’t end up on zoom.us, as you might expect.

Zoom Sophos Utm Extension

However, you do end up on an HTTPS (padlock showing) web page, as you would expect, and the login page is almost pixel perfect:

To remind you how quickly the crooks move once they’re ready to run a scam, note that the encryption certificate for this website was issed yesterday, not long before the spam that connected to it was sent.

For comparison, here’s the real Zoom login page to match up with the phoney page above:

The phishers probably don’t care what password you enter as long as it’s a valid one they can use on one of your accounts, but you’ll notice they’ve put the suggestion text Email Address Password into the password field instead of just Password as you see on Zoom’s page.

Presumably they’re hoping that if you notice this “hint”, you might use the password to your email account instead of your Zoom password.

Remember that access to your email account is likely to be worth a lot more to the crooks than your Zoom account would be, for the important reason that your email account is probably the way you go about doing password resets for many of your other accounts.

Whatever we entered as our password on the fake site, we ended up redirected to a genuine and vaguely relevant Zoom help page, as though something went wrong and perhaps we should simply try again:

In this way, the crooks don’t need to simulate a successful login or to pretend that your login failed – they just leave you in one of those “I wonder what happened there” moments where your inclination is simply to go back and start over.

Zoom Sophos Utm

Of course, by the time you see the (entirely genuine) Zoom help page, the email address and the password you entered have already been posted to the crooks instead of sent to Zoom, and whatever password you entered is now in enemy hands.

What to do?

If someone else is inviting you to a meeting, you shouldn’t need to login to Zoom first, given that they’re hosting.

Utm

So even if fear gets the better of you here and you click on the link, the appearance of a login page when you are expecting to join a meeting, rather than to host one, should be suspicious.

  • Don’t login after clicking links in emails. In this case, if you were to go to Zoom directly, or switch to the Zoom app, and then try to put in the meeting number given as text in the email, you would sidestep the phishing page altogether. (In theory, the crooks could have set up a meeting to “catch” people who do this, so never blindly believe a meeting is the real deal just because it’s running when you show up.)
  • Enable two-factor authentication if you can. Zoom supports 2FA, based on one-time codes generated by an app on your phone, and most email services do, too. With a different code every time you login, the inconvenience to you is very slight, but the extra effort for the crooks is huge because your password alone is no longer enough.
  • Tell your IT team promptly if you receive a message like this. Crooks rarely send phishing emails to just one person in a company, so if you can act as your organisation’s early-warning system, you’ll help to protect everyone else.
  • If you were phished, change your password at once. Even if you fall for a phish at first, many phishes are obvious after you put in your password because you don’t end up where you should and the deception stands out. The sooner you change your password, the less time the crooks have to try it out first.
Utm

Sophos Utm Zoom Exceptions

Latest Naked Security podcast

LISTEN NOW

Zoom Sophos Utm Download

Click-and-drag on the soundwaves below to skip to any point in the podcast. You can also listen directly on Soundcloud.