This post is also available in:
עברית (Hebrew)
A newly identified phishing campaign is leveraging fake Zoom meeting invites to steal corporate login credentials, using convincing visuals and urgency to manipulate targets. The scam, uncovered by cybersecurity firm Cofense, relies on a forged Zoom interface that mimics an actual meeting in progress—complete with fake video and a misleading login prompt.
The phishing attempt typically arrives via email, titled with urgent phrases such as “Critical Issue – Emergency Meeting,” designed to prompt quick reactions. Once recipients click the link, they are directed through multiple redirect layers. The initial URL appears to be tied to a legitimate service—such as Cirrus Insight, a known CRM tool—but it ultimately leads to a counterfeit Zoom page.
What makes this campaign particularly deceptive is the level of detail in the fake interface. Victims are shown what appears to be a live video feed of participants in a meeting, reinforcing the illusion that the session is real. Shortly after, a message appears indicating the connection has timed out. Users are then prompted to sign in again using their Zoom Workplace credentials.
The login screen is pre-filled with the user’s email address, increasing the likelihood that they will enter their password without suspicion. Once submitted, the credentials are sent directly to the attackers.
This type of phishing technique—combining social engineering, realistic visuals, and domain obfuscation—is becoming increasingly common. By mimicking trusted business tools like Zoom and triggering a sense of urgency, attackers can bypass even security-aware users.
Cofense reports high engagement rates with this type of scam, particularly because it appears to originate from inside the organization or through widely used productivity platforms.
Security professionals recommend heightened scrutiny of unexpected meeting invites and a zero-trust approach when dealing with login prompts outside of known platforms. Organizations are advised to use multi-factor authentication (MFA) and regularly update employees on emerging phishing tactics.
The sophistication of this campaign highlights the evolving threat landscape and the need for both technical defenses and user awareness to prevent credential theft.
