How Zoom is being exploited for phishing attacks

January 9, 2023 by Bianca Gonzalez

With so many of us depending on Zoom to work from home, cybercriminals are increasingly sending fake meeting invitations to dupe employees. Learn how easy it is to create a Zoom phishing email in this episode of Cyber Work Applied with Infosec Principal Security Researcher Keatron Evans.

Inside a Zoom phishing campaign

Since the start of COVID, millions of people have depended on Zoom for work-from-home meetings. In this episode of Cyber Work Applied, Keatron explains how threat actors are creating successful phishing campaigns by exploiting Zoom.

How Zoom phishing attacks work

The edited transcript of Keatron’s Zoom phishing attack walkthrough is provided below.

How threat actors leverage Zoom

(0:00- 0:18) Hi, I'm Keatron Evans. It's not a secret that one of the most popular tools to surface since COVID started is Zoom. In this video, I'm going to show you how threat actors are using its popularity in a very successful phishing campaign. Let's dive in.

Creating a Zoom phishing email

(0:19- 1:30) I recently talked to a CFO who was a victim of this attack, and she told me that on average, she receives about 15 Zoom meeting invites per day, which makes it difficult for her to think about not accepting one. Let me show you how it's done.

What I've done here is I've already set up a fake copy of the Zoom website using the Social-Engineer Toolkit (SET). And if you want to see how to do that, you can watch some of our other free videos on using SET.

So what I'm going to do now is log into an email account and forward — or send a Zoom meeting invite to our unknowing victim here. I'm going to log into the Keatron Hacks Gmail account here.

Here's the Zoom meeting and I'm simply going to forward this Zoom meeting request to our victim. So there's our Zoom meeting there. Simple enough — looks just like a regular Zoom meeting.

Sending fake Zoom meeting to victim

(1:31- 2:14) I'm going to forward that meeting request to our intended victim, Bob Vance.

So we sent it to Bob Vance. Now we're going to be the victim. We're going to go to Bob Vance's computer and see what Bob Vance sees in his email.

What you see here is a typical Zoom meeting invite email. This is a meeting invite to Bob Vance, Vance Refrigeration, from Keatron Hacks. And it's just got the link here to the Zoom meeting.

Victim clicks on Zoom meeting phishing link

(2:15- 3:21) Now as soon as Bob clicks this link, watch what happens. Bob's going to click the link, and it appears not much is going on except the browser's turning, but let's go look at the attacker side.

Waiting over here, the attacker had a fake copy of Zoom, which actually loaded malicious code. And what you're seeing here is the attacker's view of what Bob got just from clicking on that link. So now as the attacker, I can simply jump into that session, take a screenshot to prove that we now own Bob's machine.

So think about that for a second. The only thing Bob did was open his email, click on that Zoom meeting invite like he does every single day when he has to go to the Zoom meetings, and as a result of that, the lowly attacker now has complete control of Bob's machine.

This is why you really need to be careful when you're blindly clicking on those Zoom meeting invites. Make sure that it's from someone who you think it's supposed to be from. Hope you enjoyed that.
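The walkthrough does not include any defensive code, and the one signal Keatron points to is where the "Join Zoom Meeting" link actually goes: in the demo it lands on a cloned Zoom site hosted by the attacker rather than on Zoom itself. The following is an added example, not code from the video or from Infosec, that pulls every link out of a forwarded invite and flags any whose host is not a Zoom domain. The trusted-domain list and the sample invite (including the sender, recipient and look-alike host) are constructed for this example and are not from the video.

```python
import email
import re
from email import policy
from urllib.parse import urlparse

# Domains that legitimately host Zoom join links. This list is an assumption
# for the example; add the vanity domain(s) your own Zoom tenant uses.
TRUSTED_ZOOM_SUFFIXES = ("zoom.us", "zoomgov.com")

# Plain http(s) URL matcher; good enough for invite bodies, which are mostly text.
URL_RE = re.compile(r"""https?://[^\s<>"']+""", re.IGNORECASE)

# Constructed sample: a forwarded invite whose join link points at a cloned
# site whose hostname merely *starts* with "zoom.us" (it ends in ".example").
SAMPLE_INVITE = """From: Keatron Hacks <keatronhacks@example.com>
To: Bob Vance <bob.vance@vance-refrigeration.example>
Subject: Fwd: Zoom meeting invitation - Q3 numbers
Content-Type: text/plain; charset=utf-8

Keatron Hacks is inviting you to a scheduled Zoom meeting.

Join Zoom Meeting
http://zoom.us.meeting-join.example/j/98765432100?pwd=abc123

Meeting ID: 987 6543 2100
"""


def host_is_trusted(host):
    """True only if host is exactly a trusted domain or a subdomain of it.

    Matching on whole labels (host == suffix, or host ends with "." + suffix)
    rejects look-alikes such as "zoom.us.evil.example" and "notzoom.us".
    """
    if not host:
        return False
    host = host.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in TRUSTED_ZOOM_SUFFIXES)


def extract_urls(raw_message):
    """Return every http(s) URL found in the text parts of an RFC 822 message."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    urls = []
    for part in msg.walk():
        if part.get_content_type() in ("text/plain", "text/html"):
            urls.extend(URL_RE.findall(part.get_content()))
    return urls


def classify_links(raw_message):
    """Return a list of (url, hostname, trusted) for each link in the message.

    urlparse(...).hostname drops any userinfo, so a URL written as
    "https://zoom.us@evil.example/" is reported with host "evil.example",
    not the "zoom.us" a reader would see first.
    """
    results = []
    for url in extract_urls(raw_message):
        host = urlparse(url).hostname
        results.append((url, host, host_is_trusted(host)))
    return results


def suspicious_links(raw_message):
    """Join links whose host is not one of the trusted Zoom domains."""
    return [url for url, _host, ok in classify_links(raw_message) if not ok]


if __name__ == "__main__":
    for url, host, ok in classify_links(SAMPLE_INVITE):
        print(("ok      " if ok else "SUSPECT ") + f"{host}  {url}")
```

The check is deliberately narrow: it says nothing about who the invite is from, only whether the link leads to Zoom. In the demo the sender was a stranger ("Keatron Hacks"), so a second, independent check on the sender's domain against the people you actually meet with is the other half of the advice above.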

More cybersecurity training resources

Want more free resources? Check out the weekly Cyber Work Podcast for in-depth conversations with cybersecurity practitioners and industry thought leaders.

Bianca Gonzalez

Bianca Gonzalez is a writer, researcher and queer Latina brain cancer survivor who specializes in inclusive B2B insights and multicultural marketing. She completed over 400 hours of community service as a college student.