Zoom meeting invite phishing is a scam where criminals send fake Zoom notifications — such as a “missed meeting” alert — to trick you into clicking a malicious link that leads to a fake login page designed to steal your work email credentials. These attacks target remote workers and have become increasingly common.
What Is Zoom Meeting Invite Phishing?
This phishing attack impersonates a Zoom notification email, typically claiming you missed a meeting or that your account requires attention. The email creates urgency by warning that access will expire within 48 hours. When you click the link, you land on a fake Zoom sign-in page that looks identical to the real one but harvests your business email and password. Attackers then sell these credentials on the dark web. They may also use them to access your organisation’s systems. This is similar to the Zoom account suspended scam but uses missed meeting alerts instead.
How Does Zoom Meeting Invite Phishing Work?
Step 1: You Receive a Fake Zoom Email
An email arrives claiming you missed an important Zoom meeting and urging you to click a button to review the recording or join a follow-up call. The email uses Zoom’s logo and branding but originates from a domain that is not zoom.com or zoom.us.
Step 2: The Scammer Creates Urgency
The message states that the recording or invitation link will expire in 48 hours, pressuring you to act immediately without verifying the sender.
Step 3: Fake Login Page
The link directs you to a cloned Zoom login page. Look carefully — warning signs include a strange URL, broken links in the footer, and slightly misspelled instructions.
Step 4: The Attacker Steals Your Credentials
You enter your business email and password. The attacker captures these in real time and uses them immediately to access your email, internal systems, or Microsoft 365 account.
How to Prevent Zoom Meeting Invite Phishing?
- First, verify the sender domain carefully — Zoom’s legitimate emails only come from @zoom.com or @zoom.us. Any other domain is fraudulent regardless of how convincing the branding looks.
- Also, never click links in unsolicited emails — Access Zoom directly at zoom.com via your browser, not through links in emails or messages.
- Remember, Zoom never emails you about missed meetings — Zoom does not send emails telling users to log in because of missed meetings or compromised accounts. Any such email is a phishing attempt.
- Furthermore, check the URL before entering credentials — Hover over any link before clicking to preview the destination URL. Scammers often host fake pages on unrelated domains.
- Additionally, enable multi-factor authentication — Even if attackers capture your password, MFA prevents them from logging into your account without the second factor.
- Moreover, contact Zoom directly for account issues — If you are concerned about your account, navigate to zoom.com and use the official support portal. Never trust the contact information in a suspicious email.
How to Report Zoom Phishing in India?
- Forward the phishing email to phishing@zoom.us
- Call the National Cyber Crime Helpline: 1930
- File a complaint at cybercrime.gov.in
- Lodge an FIR at your nearest cyber crime police station
If you submitted credentials on a fake Zoom page, contact cyber expert Anuraag Singh immediately to assess the breach and secure your accounts.
