Phishing and online video conferencing - Is your meeting invite safe to click?
Online video conferencing has rapidly become a new standard for work, school, and even socializing with friends and family. For that reason, hackers have begun tapping into this opportunity by using video meeting invites to disguise malicious sites and software.
Before you click on your next meeting invitation, make sure you follow these best practices to keep yourself safe.
Protect your device and network
As cybercriminals continue to grow more sophisticated with their techniques and execution, it's essential that you install trusted antivirus software to help protect your devices from malware, spyware, and other schemes.
Choose an antivirus solution that covers all devices, including your smartphone, and one that offers protection for your entire network. Without adequate network protection, commonly unprotected devices (such as printers) can be exploited by bad actors and used to intercept and infect your computers and phones.
Once you create that additional layer of security around your devices and network, you'll be that much safer as you browse the web, even if you do accidentally open a phishing email or click on an illegitimate meeting invite.
Don't fall victim to social engineering
You should always take a quick peek at your antivirus software and make sure it is up-to-date and activated, especially before opening any emails. Of course, software alone cannot fully protect you from threats. In order to avoid being a phishing victim, you have to be proactive and intentional about potential schemes.
While most of us are conditioned to work quickly and efficiently, this can only work against you when you're being targeted by a hacker. Always slow down to check the sender's name, event details, and any message included with your video invitations. If something feels off, don't click.
Social engineering is something hackers often rely on heavily. They assume that you'll see the name of your company or friend and blindly trust whatever link they've included in the email. To fully protect yourself, you have to be conscious of every detail.
Scan links before clicking
Even if a meeting invite does not stand out to you for any obvious reasons, another good habit you should get into is scanning all links before clicking on them. This starts with a visual scan where you'll hover over any link to see where the actual destination will take you.
If the destination URL does not match where you thought it would take you, or if the destination URL is disguised by a third-party link shortener (like bit.ly or TinyURL), don't click on it. Instead, use a link scanning tool that will check the link for you. These tools will tell you where the link actually leads and whether any files would be downloaded when you click on it.
These tools can save you from accidentally downloading malicious software or sharing information on a spam site that's disguising itself as something else.
Never install software linked in an email
Some meeting services do require you to download software in order to attend the video conference, but you should never download software that's linked in or attached to an email. Instead, you should manually navigate to the software provider's website to ensure you're using a legitimate link.
If an email attaches a software file or tries to direct you to a download link, do not click it. Additionally, don't let legitimate information—like footers, company phone numbers, or links to actual help pages—fool you into thinking an email is real. Hackers often include links to real help pages on a given site to help convince you that their links or files are legitimate.
In the event that you download software from an untrusted source, run a virus scanner on your device and network right away. These scanners will quarantine any suspicious files and help you remove them.
Always use secure meeting passwords
If you happen to be creating a meeting that you wish to invite others to, get in the habit of securing all of your meetings with a password or meeting ID. This helps prevent bad actors from gaining access to the meeting, helping to keep all attendees safe. Additionally, you can set up a lobby or waiting room so that you have to manually approve anyone who tries to attend the meeting.
As a meeting creator, you should also follow some other best practices to help your fellow attendees:
- Set a standard of clear communication. Let your co-workers or friends know that you'll never invite them without their permission or a direct heads-up.
- Always send a personal email alongside the auto-generated invite. This helps your attendees know your invite is legitimate.
- Encourage people to reach out to you if they receive a meeting invitation that you supposedly created or will be attending. Remind them to follow these tips.
There's no doubt that video conferencing is a new normal, and it's only going to grow more commonplace as websites and software providers continue to introduce new features to make them more immersive and convenient. What matters is that you protect yourself.
By following these best practices, you can avoid falling victim to the next wave of phishing schemes, all while leveling up your cyber hygiene with a few simple steps.
You can receive information about phishing kits through services that provide data on cyberthreats, such as Kaspersky Threat Intelligence Portal. If you want to check if the page is legitimate, enter the link into the Threat Intelligence Portal search and get the statistics on it, including information about phishing kits.
Other related products: