Redazione RHC : 29 July 2025 09:52
A phishing attack that mimics an urgent Zoom meeting is being used by cybercriminals to steal corporate credentials, using a fake interface so realistic it’s nearly indistinguishable from a real video conference. Cofense, the company that discovered the campaign, says it uses an alarming email subject line, such as “Critical Situation – Emergency Meeting,” to trick recipients into immediately clicking the link.
After clicking the link, the user sees what appears to be a connection to the meeting. For a while, they even see a fake “joining meeting” animation and a video interface with images of supposedly already-present participants, some waving, some nodding.
But then comes the best part: a connection error message appears and a request to rejoin.
The fake Zoom Workplace login form automatically fills in the victim’s company email address, further enhancing the appearance of authenticity. The entered data is immediately forwarded to the attackers.
The attack was notable for its use of a link obfuscation technique: the redirect chain begins with the address of the legitimate Cirrus Insight CRM platform, but ultimately leads to a fake Zoom page hosted on an inconspicuous cloud domain.
The creators of this scheme hope that the combination of visual authenticity, pre-populated data, and a sense of urgency will reduce suspicion and lead to the rapid handover of logins and passwords. Cofense emphasizes that such attacks are particularly effective when they mimic corporate communications or familiar business tools, such as Zoom, Teams, Slack, and others. The high click-through rate of these emails is due to the fact that they blend into everyday processes without alarming recipients.
Similar approaches involving fake video conferences or login forms have been used before, but this campaign takes their sophistication to new levels. Animations, smooth screen transitions, and visual elements of the real Zoom interface make the attack nearly indistinguishable from a legitimate meeting connection. This is particularly dangerous in a hybrid work environment where Zoom has become an integral part of business operations.
Experts recommend that organizations further educate employees about such scenarios, strengthen email filtering, and limit the possibility of redirects to external resources using internal security policies. It’s also important to regularly check the authenticity of URLs used and, if in doubt, open links manually rather than clicking on them.
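One way a mail gateway or SOC could automate the URL check for the redirect chain and pre-filled address described above is sketched below. It is an added example, not code from Cofense or the original article. The function names, the `.example` hosts and the assumption that the recipient's address travels inside the link (plain, percent-encoded or base64) are all illustrative. The chain is assumed to have been recorded by a sandbox or URL-detonation service.

```python
import base64
import re
from urllib.parse import unquote, urlsplit

# Assumption: hosts on which a genuine Zoom sign-in page is expected; adapt locally.
BRAND_DOMAINS = {"zoom.us", "zoom.com"}

def host_in(url, domains):
    """True if the URL's host is one of `domains` or a subdomain of one."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

def carries_recipient(url, recipient):
    """True if the recipient address is in the URL: plain, percent-encoded or base64."""
    rcpt, decoded = recipient.lower(), unquote(url)
    if rcpt in decoded.lower():
        return True
    for token in re.split(r"[/?&=#;]", decoded):
        try:
            raw = base64.urlsafe_b64decode(token + "=" * (-len(token) % 4))
        except ValueError:  # token is not valid base64
            continue
        if rcpt in raw.decode("utf-8", "ignore").lower():
            return True
    return False

def assess_chain(chain, recipient, trusted_redirectors):
    """Return findings for one recorded redirect chain (first URL = link in the email)."""
    findings = []
    if not host_in(chain[-1], BRAND_DOMAINS):
        findings.append("landing-page-not-on-zoom-domain")
        if host_in(chain[0], trusted_redirectors):
            findings.append("trusted-first-hop-masks-destination")
        if any(carries_recipient(u, recipient) for u in chain):
            findings.append("recipient-address-passed-in-link")
    return findings

# Constructed sample data: placeholder hosts, not indicators from the campaign.
RECIPIENT = "j.doe@corp.example"
TOKEN = base64.urlsafe_b64encode(RECIPIENT.encode()).decode()
SUSPECT = ["https://links.crm-tracker.example/t/abc?next=meeting-join.cloudhost.example",
           "https://meeting-join.cloudhost.example/zoom/#" + TOKEN]
BENIGN = ["https://links.crm-tracker.example/t/xyz", "https://zoom.us/j/0000000000"]
TRUSTED = {"crm-tracker.example"}

if __name__ == "__main__":
    print(assess_chain(SUSPECT, RECIPIENT, TRUSTED))
    print(assess_chain(BENIGN, RECIPIENT, TRUSTED))
```

A filter that scores only the first URL in the message would pass the constructed suspect chain, which is why the check is made on the final hop.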
As always, human risk awareness is the most important weapon to develop!