You're running two minutes late for a video call. You click the meeting link, and a message pops up: "Your software is out of date. Please install the latest update to join." You're in a hurry. Your team is waiting. So, you click "Download" and run the file. You just handed a hacker the keys to your computer.
Security researchers recently uncovered phishing campaigns that use fake meeting invitations for Zoom, Microsoft Teams, and Google Meet as bait. The attackers create convincing lookalike pages-complete with participant lists and familiar branding-hosted on slightly misspelled web addresses like "zoom-meet.us." When you try to join the call, you're told your app needs an urgent update. That "update" is the trap.
Here's what makes this attack especially dangerous: the file you download isn't traditional malware. It's a legitimate remote access tool-the same software an IT help desk might use to troubleshoot your computer. Because these tools are digitally signed by trusted companies, your antivirus may not flag them. Think of it as someone stealing a master key rather than picking a lock. The key works in every door, and nobody questions it because it belongs there.
Once installed, the attacker has full control of your computer. They can see your screen, transfer files, access your email, and move through your company's network-all while the software appears perfectly normal. For anyone handling wire transfers, closing documents, or sensitive client information, this kind of access could lead to wire fraud, a data breach, or worse.
The attackers are counting on one thing: your urgency. Nobody wants to hold up a meeting because their software won't work. That pressure is exactly what makes people bypass their instincts and run a file they normally wouldn't touch. Some phishing pages even show fake participants "joining" the call in real time to make it feel more believable.
Takeaways
- Never install software from a meeting link. Zoom, Teams, and Google Meet will never ask you to download an update through a meeting invite. If you see that message, close the tab. Update your apps only through the app itself or its official website.
- Check the web address before you click anything. Fake meeting pages live on URLs that are slightly misspelled or unusual. Before downloading anything, look at the address bar. If it doesn't exactly match the official domain, don't proceed.
- Join meetings through your installed app, not email links. Open Zoom, Teams, or Google Meet directly and enter the meeting ID manually. This bypasses the phishing page entirely.
- If you accidentally installed something, act fast. Disconnect from the internet, contact your IT team immediately, and do not log into any accounts until your computer has been examined.
We've trained ourselves to be suspicious of unexpected emails. Now we need that same skepticism when a meeting link asks us to install something. The few seconds it takes to verify could save you from a breach that takes months to unwind.
------------------------------
Genady Vishnevetsky
Chief Info Security Officer
Stewart Title Guaranty Company
Houston TX
------------------------------