New Wave of Zoom Scams: “You’re Being Terminated”

by | May 4, 2020 | Happening Now

4 min read

Just when you thought news about Zoom, the now massively popular video conferencing app, couldn’t get worse, it does. At least this time, it’s not the fault of the company itself but rather crafty cybercriminals.

Abnormal Security reports that there is a new wave of Zoom phishing attacks impacting around 50,000 email inboxes so far. The phony emails look like legitimate invitations to join a meeting with regard to the recipient’s supposed termination. The invitation link directs victims to a phishing page where the user is asked for their log-in credentials. Any information entered then gets sent directly to the attacker.

In the past, Machado Consulting has shown you how to identify phishing emails. In the blog, we taught you that there are three criteria to check before taking any actions directed by an email. This new attack checks all three boxes. Let’s review.

First, this email includes hyperlinks, which can be a red flag, especially when the web addresses are hidden in text (“Join this Live Meeting”). Second, this attack directs recipients to take urgent action: to join the meeting about being fired. Most people would consider that pretty urgent. Finally, the sender is requesting your personal information (log-in information), which you would see if you followed the provided link to the phishing page masquerading as an official Zoom page.

Zoom has exploded in popularity recently, up from 10 million daily meeting participants in December 2019 to 200 million in March 2020. Naturally, this boost can be attributed to the rise of social distancing as an anti-coronavirus measure. People use the software for classes, meetings, family gatherings, and more.

This isn’t the first time that Zoom has made negative headlines. At the end of March, a class-action lawsuit was filed against the company for not disclosing in its privacy policy the fact that it sent personal information and data analytics to Facebook. At the same time, the FBI warned users of so-called “Zoom-bombing” attacks where individuals could disrupt meetings or classes. Even before the app took off, it was having security issues, such as this zero-day vulnerability from 2019 that let hackers launch a video-enabled call without permission.

All the commotion has led many to ban the use of Zoom, including Google, NASA, and the NYC Department of Education.

Is this new attack effective? While there is no hard data to show how many people have fallen victim, it’s likely that some people will get fooled. The message that you’re being terminated is scary, and it may cause people to not use their best judgment. Whether you’ve been using videoconferencing software for a while now or are totally unfamiliar with it, you can be susceptible. Those who are used to getting email alerts from Zoom may think this attack is just another meeting invitation (albeit a scary one), while those who are unfamiliar may not be able to tell the difference between a legitimate and a phony invitation.

So, what can you do? Well, if you’re really being terminated or considered for termination, your boss probably wouldn’t let you know in the subject line or body of a Zoom invite. But if any part of you suspects the message may be legitimate, reach out to your boss and ask them. Try not to forward the phishing email to them itself as doing so could risk more accidental exposure. Instead, a screenshot will do the trick.

Here are the three most common ways to take a screenshot:

  • Mac users can screenshot their whole screen by pressing shift, command, and 3 together (or swapping in 4 to capture just a portion of the screen).
  • On PC, you can do the same by pressing the Windows key and the print screen button at the same time.
  • Alternatively, you can use the Snipping Tool app already installed to capture just a section of your monitor. Just copy the snip to your clipboard (by pressing the paper icon) and paste into your email.

It can be hard not to fall for scams like this, especially during these challenging times when people are already afraid of losing their jobs. However, just understand that attackers are getting craftier. Spam emails for free cruises are less effective because everyone knows they’re fake, so criminals have moved to impersonating real businesses (and even people within your company itself) with targeted messages and advanced social engineering.

Take a deep breath and evaluate. Check the three criteria above. Consider the sender’s address. If it’s some jumbled together gook like “,” it’s probably nonsense.

When working from home, your time and safety and invaluable. Designing and implementing IT solutions that are right for your business and that keep remote workers from being exposed to attackers is part of the Machado Consulting process. You can read our other blogs here, and if you’re interested in getting industry-leading expertise and service, you can contact us here.


Recent Posts

Let's Talk

You have questions.
We love to listen.

Customer Support

Need help?
Your help desk is ready.

Plan a Visit

32 Franklin Street, Suite 500
Worcester, MA 01608