A phishing campaign circulates that targets victims with fake Zoom meeting invites from colleagues.
Links open what appears to be a live Zoom meeting with ‘real’ participants – which are pre-recorded videos of fake participants
Invite emails imply urgency with carefully constructed subject lines and meeting details – and closely mimic legitimate Zoom invites.
Malicious login pages look legitimate but are there to harvest the victim’s UVic credentials.
The Information Security Office suggests:
Report suspicious emails: If you receive a questionable Zoom invite, report it by the “phishing” button in Outlook to help prevent further attacks.
Verify the sender: Always check the email address carefully. Scammers often use addresses that look similar to legitimate ones but contain subtle misspellings or extra characters.
Avoid clicking on links: Instead of clicking directly, hover over the link to inspect the full URL. If in doubt, navigate to Zoom manually by typing its official website into your browser.
Be wary of urgency tactics: Phishing emails often create a sense of urgency to pressure victims into acting quickly. If an invite seems rushed or unexpected, take a moment to verify its legitimacy.
Check for inconsistencies: Look for spelling errors, unusual formatting, or odd phrasing in the email. Legitimate Zoom invites are typically well-structured and free of mistakes.
