Zoom Phishing Scams On the Rise Thanks to the Pandemic

The global pandemic has unleashed several changes upon the world, from the work-from-home revolution to the phrase “social distancing,” and now, Zoom phishing.


Bridget Clerkin
Updated 10 May 2021
Zoom Phishing Scams On the Rise Thanks to the Pandemic

Phishing Statistics 2021


90% of data breaches are caused by phishing
3.4 billion phishing emails are sent every day

1.4 million phishing websites are created every month

Source: Digital InTheRound, 2021

“Zoom phishing” is one of the latest scams to run rampant in the age of corona. Scammers create fake Zoom emails with fake meeting links, which take you to an unsafe website where your information can be hacked.

Despite being created in 2011, Zoom was barely known before the coronavirus kept legions of employees out of the office. But the application shot to nearly overnight success as the switch to the home office became more than temporary, and the need to communicate grew virtually.

The idea to exploit the app grew almost as instantly. According to the Better Business Bureau, more than 2,449 fake Zoom-related internet domains were registered in the first two months of the pandemic alone. (More recent counts put that number at more than 16,000 as of December 2020.) Those fraudulent websites help the emails pass off as legitimate, coupled with sophisticated graphics and layouts that mimic the real thing.

Some emails may allege that there’s something wrong with your Zoom account. Some may tell you that you missed a meeting. While others will “welcome” you to Zoom, asking you to click on the link to join. All three types of emails are scams.

The links in question may download malware on your computer, which can allow scammers to spy on you. They may also send you to a page that asks for sensitive details, such as your log-in name and password. This information can be used in various ways, including identity theft, which is a federal crime.

One of the best ways to protect yourself against these schemes is by hovering the mouse over the link before clicking it. This should let you check the URL connected to the link. Official Zoom information will only direct back to the domains “Zoom.com” or “Zoom.us.”

If the email tells you there’s something wrong with your account and you want to double-check, the best route to take is going to Zoom’s website directly, never by clicking the link. If the email includes an unsolicited invite, you may want to reach out first to the person who supposedly sent it to determine whether the link is legitimate.

And even with the most sophisticated scams, the tell-tale red flags remain, such as:

  • Grammatical errors
  • Strange sentence structures
  • Incorrect information

“Zoom takes security very seriously,” the company said in a public statement. “Since phishing emails often try to appear to be from known companies, we encourage users of all platforms to be extra cautious around emails from outside parties.”

If you’ve received an email you believe to be part of a Zoom phishing scam, you can report it to the U.S. Anti-Phishing Working Group at [email protected].

Comments