Called to an urgent Zoom meeting with HR? It might be a phishing attack

Graham Cluley
@gcluley

Bad enough that people have found themselves trying to work from home for the first time in their lives, perching their laptop on the end of the sofa.

Stressful enough that they’re having to remain productive while overseeing their kids attending remote school lessons, battling the frustrations of Google Classroom.

Challenging enough to keep the household something approaching sane whilst having a video conference call with those colleagues who haven’t been furloughed (yet).

Sign up to our newsletter
Security news, advice, and tips.

With all this going on, you certainly aren’t going to feel good about an email arriving from your company’s HR team asking you to join a Zoom meeting immediately to discuss your Q1 performance with the topic “Contract suspension / Termination Trial”

That would be pretty ominous wouldn’t it?

As the researchers at Abnormal Security describe, computer users are being targeted with phishing emails that have adopted just that disguise.

The risk, of course, is that employees working from home for the Coronavirus pandemic lockdown will all-too-quickly believe they have received a genuine invitation to a video meeting with HR, click on the link to a fake Zoom webpage, and hand their corporate email login credentials over to criminals.

Remember – there is no legitimate reason for Zoom to ask for your email address password.

Don’t be too quick to click. Cybercriminals are exploiting the Coronavirus pandemic with social engineering techniques to trick unsuspecting users into clicking on malicious links.

Stay safe out there.


Author: Graham Cluley

Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, or drop him an email.

One thought on “Called to an urgent Zoom meeting with HR? It might be a phishing attack”

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.