Increased reliance on video meeting technology has created opportunities for scammers. Disguised as a Zoom invite, their scam collects user login information so it can be sold to others. It is an easy trap to fall into, but there are measures you can take to help protect your company and employees.
How the Phishing Scam Works
A scammer will send an email with the Zoom logo, claiming that a video invitation is waiting. Once a user clicks on the invitation, they are redirected to a login page. These login pages look exactly like an official Zoom or Microsoft page.
They are perfectly formatted to mimic the company’s corporate style. When the user provides their username and password, their information is collected by the scammer. There are similar scams that also use Google Meet and Microsoft Teams.
Variations on the Zoom Scam
There are other forms that the Zoom scam can take. There may be emails that claim the user needs to activate their account, or that they missed a meeting. Some scams can even include claims that their account has been hacked.
They will prompt the user to reset their password, or claim that some other support function needs to take place. While the claims may differ, they are all aimed at tricking the user into entering their login credentials.
While these phishing emails can mimic any video platform, Zoom is the most popular. Companies and individuals should exercise caution when interacting with any invite.
How to Avoid Getting Scammed
The Zoom invite scams work because everything looks so legitimate. The company logos are used, along with their corporate style. Everything in the email is specially designed to fool at first glance.
In addition, more people are working from home due to COVID-19; the increase in video meetings means more people are used to receiving invites. Therefore, it helps to have a healthy level of skepticism when receiving an invite.
The first step is to consider whether you had any reason to be invited to a meeting to begin with. The following tell-tale signs indicate that the email could be fraudulent:
- The email display name is “Zoom Video Communications”. Zoom meeting invites are automatically generated from a user’s email; they do not come from Zoom.
- The email address itself is not the Zoom corporate domain, but some other version of it.
- The URL of the link does not actually belong to Microsoft and often looks nothing like a Microsoft URL.
- Your workplace uses a different meeting tool. For example, your workplace usually uses Microsoft Teams, but you’ve been sent a Zoom meeting invite.
- The email claims that your account has been hacked or that a meeting was missed. Zoom does not send emails to individual users asking them to log in.
- Zoom will not automatically send users to Microsoft pages for them to log in to their Microsoft account.
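The warning signs above can be checked mechanically when triaging a reported message. The following Python sketch is an added example, not part of the original article; the domain allowlists, the `expected_tool` parameter and the sample message are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumed allowlists (not from the article); adjust for your organisation.
ZOOM_DOMAINS = {"zoom.us", "zoom.com"}
LOGIN_DOMAINS = ZOOM_DOMAINS | {"microsoft.com", "microsoftonline.com", "live.com"}

def in_domains(host, domains):
    """True if host equals, or is a subdomain of, an allowlisted domain."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

def invite_red_flags(raw_email, expected_tool="teams"):
    """Return the article's warning signs that apply to one raw message."""
    msg = message_from_string(raw_email)
    display, addr = parseaddr(msg.get("From", ""))
    sender_host = addr.rpartition("@")[2]
    # Collect every non-multipart part, undoing base64/quoted-printable.
    body = "".join((p.get_payload(decode=True) or b"").decode("utf-8", "replace")
                   for p in msg.walk() if not p.is_multipart())
    flags = []
    if "zoom" in display.lower():
        flags.append("display name claims to be Zoom itself")
        if not in_domains(sender_host, ZOOM_DOMAINS):
            flags.append("sender domain is not a Zoom domain: " + sender_host)
    for url in re.findall(r"https?://[^\s\"'<>]+", body):
        host = urlparse(url).hostname
        if not in_domains(host, LOGIN_DOMAINS):
            flags.append("link host is not Zoom or Microsoft: " + str(host))
    if "zoom" in (msg.get("Subject", "") + body).lower() and expected_tool != "zoom":
        flags.append("workplace uses " + expected_tool + ", not Zoom")
    return flags

# Constructed sample (example.test hosts are placeholders, not real indicators).
SAMPLE = """From: "Zoom Video Communications" <no-reply@zoom-meetings.example.test>
To: employee@corp.example.test
Subject: You missed a Zoom meeting

Review the invitation: https://login-microsoft.example.test/signin?id=123
"""

if __name__ == "__main__":
    for flag in invite_red_flags(SAMPLE):
        print("-", flag)
```

The suffix match in `in_domains` is what keeps lookalike hosts such as `login-microsoft.example.test` from passing just because the brand name appears somewhere in the hostname.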
Four Tools to Help Keep You Protected
There are tools that can help avoid Zoom meeting scams and other phishing scams that target the workplace. By integrating these tools into everyday work communication and procedure, you can greatly reduce the risk of falling victim to these scams. The following tools are the best for detecting scams that are attacking your email inbox.
Reverse Email Lookup
There are many tools available online to help gain more knowledge about communication being received. Many companies get their staff in the habit of using a reverse email search, especially in cases where an email address is new or unfamiliar.
When you enter an email into the tool, it performs a search providing the name, country of origin, and social media profiles associated with the email provided. This is a great way of finding out if an email is from someone who is legitimate.
Ideally, phishing emails would not reach the inbox in the first place. There are many types of phishing scams that are used these days. Many companies use email filtering gateways to protect their employees from the bulk of spam and scam emails.
It is a great way to minimize the number of fraudulent emails that employees receive. Ensuring that employees do not encounter phishing emails means that the organization will also be protected.
Some phishing emails can be difficult to protect against, even if there is heavy email filtering. Post-delivery protection is an effective tool for stopping phishing scams that are circulating within the company.
These tools use artificial intelligence to detect common formats that are used by phishing scams. Once the tool detects a phishing scam within the organization, a banner is inserted into the email, warning that it could be fraudulent.
In some cases, the best line of defense will be special staff training. People within the company should know how to identify and react to potential scam emails. There are many online courses and resources available that can help give staff the understanding necessary to avoid these scams. Training employees to use discretion and sound judgment when evaluating the risk of suspicious emails is an invaluable tool.
Phishing scams are a risk for both companies and their employees. With more people working from home, there is a higher risk that people will fall victim to fraudulent crimes. With a combination of technologies and staff training, you can help ensure that your organization does not become the next victim.
Emily Andrews is the marketing communications specialist at RecordsFinder, an online public records search company. Communications specialist by day and community volunteer at night, she believes in compassion and defending the defenseless.