“Your Zoom account has been suspended” — if you received this message in an email, do not click any links. This is a phishing scam targeting remote workers and professionals. Criminals use fake Zoom suspension alerts to steal Microsoft 365 credentials and access corporate networks.
What Is the Zoom Account Suspended Scam?
Specifically, this phishing attack impersonates an official Zoom account notification email. The email claims your account has been suspended. It states you cannot join or host meetings until you click an “Activate Account” button. The button leads to a fake Microsoft 365-style login page designed to capture your email credentials. The attacker then uses these credentials to access your organisation’s network, emails, and sensitive data.
How Does the Zoom Suspended Scam Work?
Step 1: You Receive a Convincing Zoom Email
Indeed, the email appears to be from Zoom support. It includes the Zoom logo and professional formatting. It states your account has been suspended due to a policy violation or payment issue and urges immediate action.
Step 2: You Click the “Activate Account” Button
Next, the call-to-action button in the email redirects you to a fake Microsoft 365 sign-in page or a cloned Zoom login portal. The URL will not be zoom.com or zoom.us — look carefully at the address bar.
Step 3: Scammers Capture Your Credentials
Subsequently, when you enter your email and password on the fake page, scammers send the credentials sent directly to the attacker. They use these to log in to your Microsoft 365 account, read emails, and potentially access your organisation’s internal systems.
What Are the Warning Signs of This Scam?
- First, unexpected suspension notice — You had no prior warning and have been using Zoom without issues
- Second, sender email domain is not zoom.com — Check the exact sender domain carefully; scammers use addresses like zoomsupport@notification-zoom.net
- Also, urgent language — “Act immediately” or “your account will be permanently deleted” are pressure tactics
- Furthermore, link leads to a non-Zoom URL — Hover over any link before clicking to check the actual URL
How to Protect Yourself from Zoom Phishing Scams?
- Never click links in unexpected emails — If you receive a Zoom account alert, log in directly via zoom.com in your browser, not through the email link.
- Second, verify the sender domain — Legitimate Zoom emails only come from @zoom.com or @zoom.us. Any other domain is fraudulent.
- Also, enable multi-factor authentication — Even if a scammer captures your password, MFA prevents unauthorised login to your account.
- Additionally, report the email — Forward suspicious Zoom-related phishing emails to phishing@zoom.us and delete them from your inbox. This is similar to protecting against Zoom meeting invite phishing.
- Finally, educate your team — Remote workers are prime targets for credential phishing. Share awareness training about phishing prevention with colleagues.
How to Report Zoom Phishing Scam in India?
- Call the National Cyber Crime Helpline: 1930
- File a complaint at cybercrime.gov.in
- Lodge an FIR at your nearest cyber crime police station
If you accidentally submitted your credentials on a fake Zoom page, contact cyber expert Anuraag Singh immediately to assess the breach and secure your accounts.
