During the holiday season, phishing scams usually disguise themselves as delivery or credit card companies.
You know the drill: you receive an email with an official-looking logo that tells you the delivery company has been unable to deliver your package or your credit card has been revoked. The scammer hopes that just enough people who are expecting a package or have made a lot of credit card purchases will see the message and overreact.
But in this year of the coronavirus (COVID-19) pandemic, scammers have another weapon in their arsenal. So many people are using Zoom to communicate with school, the office, and family that a message saying your Zoom account is being canceled is enough to induce panic.
Consumer authorities report a surge of reports of this kind of scheme. A social media message or a text includes Zoom’s logo and contains a message saying something like, “Your Zoom account has been suspended. Click here to reactivate.”
Several different versions
Other versions of the scam use the message “You missed a meeting, click here to see the details and reschedule.” In either case, the sender wants you to click on the link in the message because doing so will download malware onto your device.
According to the Better Business Bureau (BBB), scammers registered more than 2,449 Zoom-related domains from late April to early May. They’ve been using them ever since to bombard unsuspecting consumers with bogus emails.
While these scammers aren’t trying to steal money or your identity -- at least not directly -- they are seeking to take control of your computer, which could actually be worse. Once inside they might be able to help themselves to your bank account or steal enough personal data to steal your identity.
A key logger would be able to watch everything you do with your device. Entering your username and password gives scammers access to your account and any other account that uses a similar login and password combination.
Dos and don’ts
To avoid this, think before you react to any unexpected email. It may say it’s from Zoom, but it probably isn’t.
Look carefully at the domain address. It should say either Zoom.com or Zoom.us. Anything else, and it’s not an official communication.
Make it a rule to never click on links contained in unsolicited emails. When in doubt, use a search engine to get to the company’s website. They all have a “contact us” page where you can ask if the communication is real. Without clicking any links, copy and paste the contents of the email into the “contact us” form.
If you think there may be a legitimate issue with your account, contact the company directly by going to its website by either typing in the URL or doing a search. Don’t click on the link in the email.