Hackers are spoofing Zoom, Microsoft Teams and Google Meet

Padlock being lifted by a fishing hook on a blue background to symbolise phishing attacks
(Image credit: Shutterstock)

According to a new report from Check Point Research, hackers have registered domains that allow them to create URLs related to Zoom, Microsoft Teams and Google Meet.

As more and more people move to video conferencing services during the pandemic, hackers can use these domains to pose as official links, potentially tricking users into downloading malware or giving a threat actor access to personal data.

As remote work has become the norm for many, Check Point Research has found that in the last three weeks, nearly 2,500 new Zoom-related domains have been registered. Check Point has cited approximately 1.5% of these domains as malicious by while another 13% are suspicious.

Microsoft Teams- and Google Meet-related domains have been used to lure in unsuspecting victims too. Check Point Research claims many victims fell prey to phishing emails with the subject line “You have been added to a team in Microsoft Teams.”

The emails included a malicious URL and tricked users into downloading malware when clicking the “Open Microsoft Teams” icon. When it comes to Google Meet, hackers have used fake domains like Googelmeets\.com.

Regardless of which platform they’re impersonating, Check Point Research notes a 30% increase in coronavirus-related attacks when compared to previous weeks. The group noted that as the pandemic has progressed, so have the domains and phishing scams related to it.

At the beginning of the outbreak, domains related to coronavirus symptoms were common, but Check Point Research has noted a shift toward domains focused on relief packages and stimulus payments.

Fortunately, users can protect themselves from these phishing attacks. Check Point Research warns users to beware of lookalike domains, spelling errors in emails and websites, and unfamiliar email addresses.

The group also warns against opening files received from unknown senders and urges users to beware of any special offers related to the coronavirus and any potential treatments or cures.