Targeted Phishing Campaigns against Zoom Meetings

With the increase of remote work, software that allows remote meetings like Zoom have skyrocketed in popularity. Cybercriminals have noticed this and have begun registering fake Zoom domains to use in phishing. As Zoom is estimated to be used by over 60% of Fortune 500 organizations, this is prime for cybercriminals to take advantage of given Global Events.

Users are reminded to be cautious around emails, especially ones from unknown senders or ones that are unexpected. Users should carefully verify the sender and be mindful of grammar and spelling mistakes as these can be signs of a phishing email.  Unknown attachments and URLs should be avoided and treated with extreme caution.

Zoom has taken measures to harden meetings as a result of reported abuse. They have removed a feature that indicates if a meeting is valid, enabled passwords to all scheduled meetings by default, and block repeated attempts to scan for meeting IDs.