Fake Zoom Meeting Invite
Attack Trigger
Routine-looking meeting invite is opened reflexively without link inspection
What Attackers Want
Zoom credentials or malware installation via fake installer
How This Attack Works
Attackers send emails impersonating Zoom with a fake meeting invitation. Clicking "Join Meeting" redirects to a spoofed Zoom login page that harvests credentials, or prompts download of a fake Zoom installer containing malware.
Red Flags to Watch For
- ✗Sender is not from @zoom.us
- ✗Meeting link does not go to zoom.us
- ✗Installer file is not downloaded from the official zoom.us website
- ✗Meeting ID or passcode looks randomly generated with no business context
Known Malicious Domains
These domains have been associated with this attack. Never click links going to these addresses.
- zoom-meeting-invite.comMALICIOUS
- zoom-secure-join.netMALICIOUS
- zoomcall-link.comMALICIOUS
Glance automatically blocks emails from domains on this list. Domain list is not exhaustive — attackers register new domains continuously.
How Glance Stops This
- Domain similarity analysis catches lookalike sender addresses at millisecond speed
- SPF / DKIM / DMARC validation flags authentication failures before you ever see the email
- VirusTotal + Google Safe Browsing checks every link in real time
- Urgency language detection scores the email higher for manual review
- Known malicious domain blocklist updated continuously from live scan data
Don't wait to get hit.
Glance scans every incoming email against 12 detection layers — including the exact tactics described above — before it reaches your inbox.
Protect My Inbox — Free