%20cropped.jpg)
Hackers are having a field day with all the remote work going on these days. With millions of people using Teams, Zoom, or Google Meet every day, con artists are impersonating these online collaboration tools to fool people into:
- Clicking malicious links that will download malware
- Entering their username and password into a fake site
A Growing Threat
All a hacker needs to do is paste in a copy of the company’s logo, write up a convincing message, and create a false domain to send it from, and voila – you’ve got a phishing email.
According to Check Point Software Technologies, more than 16,000 Zoom-related domains were registered between late April and early December in 2020. Hackers are creating fake domains for Teams and Google Meet, too. By creating domain names that include the word “Teams” or “Zoom,” they can send phishing emails that look like they’re coming from the actual company.
While not everyone will fall for these phishing emails, considering Zoom boasts 300 million meeting participants a day (and Teams has 200 million), even fooling just 1% of those users can be very profitable for a hacker.
So how can you protect yourself from these sly scams? The Better Business Bureau shares these three tips for avoiding a Zoom, Teams, or Google Meet phishing attack.
Double Check the Sender’s Information
Who is the email supposedly coming from? For example, Zoom.com and Zoom.us are the only official domains for Zoom. But hackers are crafty and can create domains that are nearly identical to the real domains for their Zoom, Teams, and Google Meet phishing ploys. For example, one of the fake Google domains being used is “Googelmeets/.com.” If you don’t look closely, you might be fooled.
If an email comes from a similar looking domain that doesn’t quite match the official domain name, it’s probably a scam. Not sure if the email sender is legit? Hit the reply button and see what auto-populates as the actual return address. If it doesn’t match the original “from” address, don’t trust it.
Never Click on Links in Unsolicited Emails
Phishing scams want you to click on a link or file that will download dangerous malware onto your computer. If you get an unsolicited email and you aren’t sure who it really came from, DO NOT click on any links, files, or images it contains.
One example of a Teams phishing scam says: “You’ve been added to a team in Microsoft Teams” and asks you to click a malicious link to open Teams. Hovering over links with your mouse will show you the true URL it’s pointing to. The actual link to Teams is https://teams.microsoft.com/l/team. Anything else is a fake URL.
Resolve Issues Directly
If you receive an email saying there’s a problem with your account and you aren’t sure if it’s genuine, contact Zoom, Microsoft, or Google directly. Go to their official website by typing their web address into your browser.
For Teams: www.support.microsoft.com
For Zoom: https://support.zoom.us/hc/en-us
For Google Meet: www.support.google.com
More Resources
Don't Get Hooked: How to Prevent Phishing Attacks
