Warning: Not All Zoom Invitations Can Be Trusted

With the global Covid-19 pandemic still in full swing and millions of people working from home, technology has become even more important for keeping in touch and staying connected, both with family members and with contacts and teams from your job. However, hackers and bad actors are doing their best to abuse this situation and are using all sorts of scams and frauds to infect and steal data from unsuspecting victims. With video conferencing being used more than ever in the current situation, bad actors are trying to abuse this facet of technology as well.

Fake Invites Show Up in Your Inbox

Google Meet and Zoom are among the platforms targeted by hackers to spread their scams. Eva Velasquez, a representative of the US Identity Theft Resource Center, stated that with so many Zoom invitations in people's email inboxes, it's more or less inevitable that a lot of scams will also slip in there, among legitimate invites.

The fake invitations show up in victims' inboxes and appear to be normal invites, but will really redirect to a malicious site that will attempt to collect your personal information. A very big factor in the popularity of fake Zoom invitations is that the software has a lot of new users due to the pandemic and a lot of them are likely not familiar with it and will have a much harder time telling a real invite from a fake one.

What to Do if You Are Not Sure About a Zoom Invitation?

There are a number of signs that should warn users against clicking on potentially fake invitations. First and foremost, an unexpected invitation to a meeting that was never discussed or scheduled in advance is a big red sign. The best advice in this case is to verify the meeting with superiors or co-workers and to assume it's a scam before you receive confirmation.

Another way to stay safe is to always hover over any links in the invitation before clicking them and check the URL that shows up in the browser's status bar. Following the surge in scams and fake Zoom invites, Zoom officially stated that any links that are genuine and are from their service should only contain three domain links:

* Zoom.com
* Zoom.us
* Zoom.com.cn

If the URL that shows up in your browser's status bar starts with a different domain name, this is a very clear sign that the email is fake and someone is trying to scam you and redirect you to a malicious website that will potentially collect sensitive data or infect your system. It's a good practice to always check links on hover, no matter where you are on the web, but in this case, with Zoom specifically listing their three official and legitimate domains, this is a very easy and quick check users should make. Any spelling errors, missing or additional letters in the domain names are also indication of a scam.

Checking the email address of the party that sent the invitation in the first place is also a good way to tell if it's a fake invite. Company names and email addresses you don't recognize should serve as immediate red flags and warn you against clicking anything in the email. Sometimes bad actors mimic real brand and company names, but make small changes to the spelling that you could miss at a quick glance, so it's always worth it to carefully read both the invitation sender's email and any URLs that show up when you hover on any links.

In closing, Velasquez advised that it is much better to simply not click anything in a conference call invite, whether it's over Zoom or Google Meet, if you are unsure about it and first double check everything, rather than fall for the scam and end up on a dangerous web page.

September 9, 2020

Leave a Reply