Security News > 2020 > July > Zoom's Vanity URLs Could Have Been Abused for Phishing Attacks

An issue related to the Zoom feature that allows for the customization of meeting URLs could have been exploited for phishing attacks, Check Point reveals.

The recently identified security issue, Check Point says, is related to the Zoom Vanity URL, a custom URL that organizations are required to use when looking to enable single sign-on.

Although the invitation would seem as being sent from the legitimate Vanity URL of the spoofed organization, the URL would actually point to a subdomain registered by the attacker with a name similar to the one of the target.

An attacker could also target the dedicated Zoom web interfaces that some organizations use for video conferencing to exploit the bug by redirecting the user to a malicious Vanity URL. "Without particular cybersecurity training on how to recognize the appropriate URL, a user receiving this invitation may not recognize that the invitation was not genuine or issued from an actual or real organization," Check Point notes.

"Because Zoom has become one of the world's leading communication channels for businesses, governments and consumers, it's critical that threat actors are prevented from exploiting Zoom for criminal purposes. Working together with Zoom's security team, we have helped Zoom provide users globally with a safer, simpler and trusted communication experience so they can take full advantage of the service's benefits," Adi Ikan, Group Manager at Check Point Research, commented.

News URL

http://feedproxy.google.com/~r/Securityweek/~3/8GGueR0V1yM/zooms-vanity-urls-could-have-been-abused-phishing-attacks