Imagine an email promising a free luxury cruise or six-figure career boost - too good to pass up. Moments later, a slick "Join Now" calendar invite lands for that exclusive webinar or dream-job interview. One click could cost you far more than wasted time.
Security firm Malwarebytes recently uncovered the ELUSIVE COMET crime group tricking victims into fake Zoom calls that installed remote-control malware and stole assets. With AI-driven phishing up 4,000 % since 2022[ref], these meeting traps are only growing more convincing.
π They lure you with exclusive webinars, dream-job interviews or "free cruise" offers
π₯ They impersonate Zoom, Teams, or Webex with near-perfect branding
π΅οΈββοΈ They slip past filters using typo-squatted domains and obfuscated code
π₯ You "join" by downloading a fake meeting client that's actually malware
π That payload installs a hidden tunnel, giving attackers remote desktop access.
π¨ To reduce the risk
- Verify invites via known channels, hover over links to confirm domains, keep meeting clients and OS patched.
- Security teams - whitelist approved meeting installers, enforce MFA on conferencing tools, and monitor for anomalous remote-access installs.