While the coronavirus continues to wreak havoc on the economy and unemployment rates, cybercriminals have been exploiting workers’ fears to steal passwords using fake Zoom meeting invites. The invitations often use threatening language and scare tactics to lure their victims in, often saying the meeting is “mandatory” or relating to HR or payroll. Some even threaten termination for non-participation.
Like most phishing attacks, there are several red flags to be on the lookout for. Key indicators are random grammar errors and awkwardly worded sentences. If you haven’t spoken to a coworker or boss about an upcoming Zoom meeting, and the invite seems suspicious, look for misspelled words and sentences that do not read like a normal email.
Deceptive URLs (web site addresses) are another tell-tale sign of a phishing attack. Often, there will be a link in the message that takes the user to a login screen that looks very similar to real Zoom site. But look carefully at the URL – if it does not match the real Zoom domain name, then beware. Some cybercriminals will attempt to include the real URL somewhere in a false, longtail URL. If you need further clarity, click on the padlock to the left of the URL to view the SSL certificate information.
It’s important to note that hackers are not looking for your Zoom login credentials. They are after your email address and password. This potentially gives them access to all of your private and sensitive information.
Phishing attacks are not disappearing anytime soon, and as we continue to adapt to working from home and utilizing Zoom and other remote conferencing applications, use healthy skepticism to stay on guard against scams.