Zoom Invitation Phishing Alert
A new string of phishing attacks is using Zoom Video Conferencing imagery in an attempt to steal your Microsoft 365 credentials. The email will have a display name of “Zoom Video Communications” and a subject line of “Zoom Video Conferencing Invitation” or “Details for Zoom Call Today.” As shown in the picture below, the message looks very convincing.
Selecting the “Review Invitation” button will redirect users to a spoofed Microsoft 365 login page, requesting to “Sign in to Zoom with your Microsoft 365 account.” After entering your credentials twice, the spoofed website will state the call is canceled and redirect users to the Zoom homepage.
To spot this phishing attempt, review the sender’s email address and the URL of the “Review Invitation” link, neither of which includes a Zoom-hosted domain. Both will consist of random letters and characters that look suspicious. If the email looks “Phishy,” trust your gut and question its authenticity.
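The sender and link check described above can be automated for messages that present themselves as Zoom. The following is an added example, not part of the original alert; the `ZOOM_DOMAINS` allowlist, the function names and the sample message are assumptions constructed for illustration.

```python
import email
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: domains treated as Zoom-hosted; maintain your own allowlist.
ZOOM_DOMAINS = ("zoom.us", "zoom.com")
# Subject lines named in the alert, lower-cased for comparison.
CAMPAIGN_SUBJECTS = ("zoom video conferencing invitation", "details for zoom call today")

# Constructed sample message; the .example domains are placeholders.
SAMPLE = '''From: "Zoom Video Communications" <qx7rt@mail-k2v9.example>
Subject: Zoom Video Conferencing Invitation
Content-Type: text/html; charset="utf-8"

<a href="https://xk2v9-tqzr.example/review">Review Invitation</a>
'''

def is_zoom_host(host):
    """Exact or dot-suffix match against the allowlist, never a substring match."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in ZOOM_DOMAINS)

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":  # keep the href of every anchor in the HTML body
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def check_message(raw):
    """Return findings for a message that presents itself as coming from Zoom."""
    msg = email.message_from_string(raw, policy=policy.default)
    display, addr = parseaddr(str(msg.get("From", "")))
    subject = str(msg.get("Subject", "")).strip().lower()
    if "zoom" not in display.lower() and subject not in CAMPAIGN_SUBJECTS:
        return []  # does not claim to be Zoom; out of scope for this check
    checks = [("sender domain", addr.rpartition("@")[2])]
    body = msg.get_body(preferencelist=("html",))
    links = LinkCollector()
    links.feed(body.get_content() if body else "")
    web = [u for u in map(urlsplit, links.hrefs) if u.scheme in ("http", "https")]
    checks += [("link host", u.hostname) for u in web]
    return [f"{kind} not Zoom-hosted: {host}" for kind, host in checks if not is_zoom_host(host)]

if __name__ == "__main__":
    print("\n".join(check_message(SAMPLE)))
```

An empty result only means the sender and link domains match the allowlist; it does not prove the message is genuine.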
WHY THIS MATTERS
- Zoom users need to ensure that privacy and security settings are correctly configured to prevent hackers from accessing the Zoom account or meetings.
- Also, Zoom users need to beware of a new phishing email campaign being conducted outside of the Zoom domain.
- Fraudsters are taking advantage of Zoom users via phishing emails seeking to steal Microsoft 365 login credentials outside of the Zoom domain.
- User vigilance is the name of the game when it comes to scrutinizing your emails, for example those that reference Zoom, Teams, or Windows 10.
TAKEAWAYS
- Users must implement privacy and security measures now:
  - Question and validate all email requests from Zoom, reviewing URLs and email addresses.
  - If Zoom redirects you to Microsoft 365, do not enter credentials. Zoom is not integrated with Microsoft 365, outside of Microsoft Outlook Add-ins.
  - Implement Multi-Factor Authentication, which can block cybercriminals from accessing your Microsoft 365 account, even if they have your login credentials.
  - Update your security software and spam filters ASAP.
Stand-Alone Cyber Insurance Solutions
Stand-Alone Cyber Insurance is your go-to option when you are looking to transfer some of your residual risk (that cannot be adequately mitigated):
- Social engineering, Funds Transfer Fraud, and Invoice Manipulation coverage
- Ransomware or cyber extortion coverage, including ransom payments and/or data recovery
- Data breach coverage, including direct first-party losses and third-party liability and damages
- Business interruption coverage, including loss of profits and extra expenses incurred during a shutdown of your computer network.
- Employee training and educational tools to help prevent attacks and protect your network/data