Our video conferencing platform Zoom has seen usage grow exponentially this year. Naturally, this has attracted the attention of hackers and scammers. With a huge user base to target, con artists are using old tricks in new scams to try to steal your information.
Please be aware that there is a phishing scam currently going around via email and similar-minded smishing scam (phishing via SMS text messaging) that pretends to come from Zoom. The scammer will use Zoom branding. The scam will urge you to click on a link with a claim such as “your Zoom account has been suspended, click here to reactivate”, OR “please activate your account”, OR “you missed a meeting, click here to see the details and reschedule”.
No matter what kind of phishing or smishing message you receive, scammers hope you will click on the link they’ve included in their email or text. These links can download malware onto your computer AND/OR lead you to a page where you are prompted to enter your login information.
If the latter, you’ll arrive at a realistic, but fake Zoom login page. That fake login page is designed to get you to enter your user name and password. Scammers will use this information to log in to other services and platforms as well.
Avoid getting Scammed
Don’t click on anything! (This includes links, photos, attachments, and/or files). If you feel that this might be real, type the Zoom.us URL yourself in the URL bar and confirm that you can log in with your district Google credentials.
Always remember to double-check the sender address. Look carefully at the sender address as we are seeing return email addresses that closely mirror real email addresses. Also, please remember that mobile phones are an even bigger attack vector and smishing is on the rise. Return email addresses are harder to see when viewed on mobile devices. Often users on cell phones may be more distracted and in a hurry and scammers are hoping they won’t be paying close attention.
These steps should be followed for all email and text messages. While we all may be used to just clicking on links, we have to be careful that our behavior doesn’t help bad actors take advantage of us. If you get an unsolicited email or text and you aren’t sure who it really came from, NEVER click on any links, files, or images it may contain.
Resolve issues directly. As with Zoom warnings, if you receive an email or text stating there is a problem with your account and you aren’t sure if it is legitimate, contact the company directly. Go to the official website by typing the name in your browser and find the “Contact Support” feature to get help.
For more information
If you’ve been targeted with a phishing scam, report it at BBB.org/ScamTracker. Your reports can help limit scammers’ success in the future.