Called to an urgent Zoom meeting with HR? It might be a phishing attack

Called to an urgent Zoom meeting with HR? It might be a phishing attack

Bad enough that people have found themselves trying to work from home for the first time in their lives, perching their laptop on the end of the sofa.

Stressful enough that they’re having to remain productive while overseeing their kids attending remote school lessons, battling the frustrations of Google Classroom.

Challenging enough to keep the household something approaching sane whilst having a video conference call with those colleagues who haven’t been furloughed (yet).

Sign up to our free newsletter.
Security news, advice, and tips.

With all this going on, you certainly aren’t going to feel good about an email arriving from your company’s HR team asking you to join a Zoom meeting immediately to discuss your Q1 performance with the topic “Contract suspension / Termination Trial”

That would be pretty ominous wouldn’t it?

As the researchers at Abnormal Security describe, computer users are being targeted with phishing emails that have adopted just that disguise.

Zoom phishing email c19

The risk, of course, is that employees working from home for the Coronavirus pandemic lockdown will all-too-quickly believe they have received a genuine invitation to a video meeting with HR, click on the link to a fake Zoom webpage, and hand their corporate email login credentials over to criminals.

Zoom phishing login

Remember – there is no legitimate reason for Zoom to ask for your email address password.

Don’t be too quick to click. Cybercriminals are exploiting the Coronavirus pandemic with social engineering techniques to trick unsuspecting users into clicking on malicious links.

Stay safe out there.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

One comment on “Called to an urgent Zoom meeting with HR? It might be a phishing attack”

  1. Tim

    I notice you can join a meeting and dont need "signinup" either.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.