The Better Business Bureau has issued an alert regarding Zoom related phishing, in which malicious actors seek to deploy malware or steal your credentials via bogus Zoom notifications and invitations.
How the scam works:
- You may receive an email, text or social media update informing you that your Zoom account has been suspended and to click an embedded link to reactivate.
- You may also receive an electronic communication informing you that you missed a scheduled meeting, and to view details or reschedule via an embedded link.
- These messages will likely use familiar Zoom branding.
- If you click the link, the installation of malware may be triggered or you may be prompted to enter your credentials at a spoofed prompt.
Reminders & recommendations:
- Confirm the sender’s information. Zoom.com and zoom.us are the official Zoom domains. NYU Zoom meetings links will have “NYU” as the listed sub-domain and will appear as nyu.zoom.us. Other variants, even if they contain the word “Zoom” may not be legitimate.
- Never click on embedded links or open attachments in unsolicited/unexpected communications.
- When in doubt, verify the legitimacy of a communication received via a trusted phone number or via contact details on a website that you visit by typing a trusted URL into your browser’s address bar.
- Do no reuse passwords as scammers will attempt to use stolen credentials to gain access to other platforms/accounts.
If you would like to report a suspicious message or have a specific question about the legitimacy of a message, email phishing@nyu.edu.