Beware of Zoom Phishing Campaign that Threatens Employees Contracts will be Suspended or Terminated

A new zoom phishing campaign observed asking recipients to hitch a zoom meeting that threatens employees that their contracts are going to be either suspended or terminated.

The recipients are presented with a fake Zoom login page that asks recipients to input the login credentials.

Zoom is a web video communication platform that has features like video conferencing, online meetings, chat, and mobile collaboration.

Zoom Phishing Campaign

According to security researchers from Abnormal Security, quite 50,000 has been targeted. The campaign primarily targeted employees using Office 365.

Phishing Email


With the campaign, the attacker impersonates Zoom by convincing the recipients to succeed in the fake landing page that mimics the notifications from Zoom.
The email contains a link with a fake login page “zoom-emergency.myftp[.]org” and therefore the phishing domain hidden with the button like “Join this Live Meeting”.

Fake Login Page



Once the victim enters the login credentials the small print are going to be sent to the fake Zoom server controlled by attackers.

The email mimics as a reminder for meeting with HR regarding the termination, it creates a panic when the victims read the e-mail , and hurriedly tries to hitch the meeting.

Threat actors crafted the e-mail to be legitimate Zoom notification and therefore the fake login also formatted sort of a legitimate meeting reminder commonly employed by Zoom, reads Abnormal Security blog post.

“Frequent Zoom users would check out the login page, think their session has expired, and plan to check in again. they might be more likely to input their login credentials on faith the abnormalities within the phishing page.”

A Couple of days before a replacement Zoom flaw lets hackers record Zoom meeting sessions and to capture the chat text without the knowledge of meeting participants’ albeit host disables recording option for the participants.

Cybercriminals still use the Coronavirus outbreak to launch various attacks like malware, phishing, fraud, and disinformation campaigns.

In the current situation, most of the organization has been closed and therefore the employees are given options to figure from home. therefore the RDP and therefore the video communication platforms are heavily targeted by attackers.

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.