New Phishing Attack Mimic as Zoom Meeting Invites to Steal Login Details
Summary:
A new phishing campaign is exploiting Zoom’s widespread use in corporate settings to steal user credentials by sending fake meeting invitations that appear to come from colleagues. These emails are designed to look like legitimate Zoom notifications, featuring familiar branding, professional language, and urgent subject lines such as “Urgent Meeting Request” or “Missed Zoom Call.” The goal is to create a sense of urgency, prompting recipients to click on malicious links without thinking. Once clicked, victims are redirected to a fake Zoom interface, often featuring pre-recorded video clips of colleagues in what seems like a live meeting, further increasing the illusion of authenticity. This deception preys on the busy, multitasking nature of professionals, pushing them to act quickly without verifying the legitimacy of the request.
The attack process is highly sophisticated, involving multiple stages to maximize effectiveness. After clicking the malicious link, victims are presented with a loading screen that mimics Zoom’s interface, followed by the fake meeting video. When the victim is tricked into thinking the meeting has started, they receive a fake disconnection notification and are then prompted to enter their Zoom credentials on a fraudulent login page. The stolen login information is sent in real-time to attackers via Telegram API endpoints, using multiple domains and bypassing common security controls.
Security Officer Comments:
The latest campaign was identified by SpiderLabs researchers in May 2025 and preys upon Zoom’s popularity as a tool for remote communication, particularly in professional environments. Its widespread adoption means users are frequently interacting with meeting invitations, making it a prime target for phishing attacks. Zoom’s trusted reputation and familiar interface make it easy for cybercriminals to create convincing fake meeting requests that exploit users' reliance on the platform for daily work. Additionally, the sense of urgency often associated with business communications, such as missed calls or urgent meetings, further encourages victims to act quickly without thoroughly verifying the legitimacy of links or invitations, increasing the likelihood of successful credential theft.
Suggested Corrections:
Organizations should implement multi-factor authentication for Zoom accounts, making it harder for attackers to misuse stolen credentials. Employees should also be trained to recognize phishing attempts, especially those involving urgent or unsolicited meeting requests, and encouraged to verify any unexpected invitations through official channels before clicking on links.
Link(s):
https://cybersecuritynews.com/new-phishing-attack-mimic-as-zoom-meeting-invites/
A new phishing campaign is exploiting Zoom’s widespread use in corporate settings to steal user credentials by sending fake meeting invitations that appear to come from colleagues. These emails are designed to look like legitimate Zoom notifications, featuring familiar branding, professional language, and urgent subject lines such as “Urgent Meeting Request” or “Missed Zoom Call.” The goal is to create a sense of urgency, prompting recipients to click on malicious links without thinking. Once clicked, victims are redirected to a fake Zoom interface, often featuring pre-recorded video clips of colleagues in what seems like a live meeting, further increasing the illusion of authenticity. This deception preys on the busy, multitasking nature of professionals, pushing them to act quickly without verifying the legitimacy of the request.
The attack process is highly sophisticated, involving multiple stages to maximize effectiveness. After clicking the malicious link, victims are presented with a loading screen that mimics Zoom’s interface, followed by the fake meeting video. When the victim is tricked into thinking the meeting has started, they receive a fake disconnection notification and are then prompted to enter their Zoom credentials on a fraudulent login page. The stolen login information is sent in real-time to attackers via Telegram API endpoints, using multiple domains and bypassing common security controls.
Security Officer Comments:
The latest campaign was identified by SpiderLabs researchers in May 2025 and preys upon Zoom’s popularity as a tool for remote communication, particularly in professional environments. Its widespread adoption means users are frequently interacting with meeting invitations, making it a prime target for phishing attacks. Zoom’s trusted reputation and familiar interface make it easy for cybercriminals to create convincing fake meeting requests that exploit users' reliance on the platform for daily work. Additionally, the sense of urgency often associated with business communications, such as missed calls or urgent meetings, further encourages victims to act quickly without thoroughly verifying the legitimacy of links or invitations, increasing the likelihood of successful credential theft.
Suggested Corrections:
Organizations should implement multi-factor authentication for Zoom accounts, making it harder for attackers to misuse stolen credentials. Employees should also be trained to recognize phishing attempts, especially those involving urgent or unsolicited meeting requests, and encouraged to verify any unexpected invitations through official channels before clicking on links.
Link(s):
https://cybersecuritynews.com/new-phishing-attack-mimic-as-zoom-meeting-invites/