Zoom Meeting URLs Could Have Been Exploited For Phishing Attacks

Phishing Attacks

An problem related to the Zoom function that could have been exploited for phishing attacks to enable customization of meeting URLs, Check Point reveals.

Zoom is a video conference service that faced extensive scrutiny after being widely adopted as the communication tool of choice by numerous organizations and end-users around the world, in the midst of the COVID-19 pandemic.

According to Check Point, the recently identified security issue is related to the Zoom Vanity URL, a custom URL (e.g., companyname.zoom.us) that companies need to use when trying to allow single sign-on ( SSO).

Users rarely access the customizable vanity sites, as they usually don’t need to type in the URL for the page to access a video meeting, but click on a link given for that.

According to Check Point, an intruder seeking to exploit the discovered problem will claim to be a legitimate employee within a corporation, then send invites that appear to be coming from the Vanity URL of the company to interested individuals.

Although the invitation appears to be sent from the spoofed organization’s official Vanity URL, the URL would in fact point to a subdomain registered by the attacker with a name similar to that of the target.

The attacker may attract the user to their own meeting by manipulating the connection and trick them into handing over credentials or other sensitive information by making them believe they are actually in a meeting with someone from the targeted company.

An intruder might also target the dedicated Zoom Web interfaces that some companies use to exploit the bug by redirecting the user to a malicious Vanity URL for video conferencing.

“Without advanced cybersecurity training on how to identify the correct URL, a consumer who receives this invitation may not know that the invitation was not genuine or received from an actual or real entity,” notes Check Point.

The security firm announced that Zoom has added safeguards to ensure its users are secured.

“Since Zoom has become one of the world’s leading forms of communication for companies , governments and customers, it ‘s important that threat actors are prevented from using Zoom for criminal purposes. Working with Zoom’s security team, we have helped Zoom bring a healthier, easier and more reliable communication experience to users globally so they can take full advantage of the benefits of the service, “commented Adi Ikan, Group Manager at Check Point Research.

Mark Funk
Mark Funk is an experienced information security specialist who works with enterprises to mature and improve their enterprise security programs. Previously, he worked as a security news reporter.