Corporate Zoom call was a trap to steal credentials


A fake Zoom meeting scam has tricked users with a realistic video to steal corporate credentials.

The Zoom invite says, "Critical Issue – Emergency Meeting," and the subject line alone triggers just enough panic to make you drop everything and click the link.

Just as you think you're joining, a “connection timed out” pop-up prompts you to log in again. The Zoom interface looks real, and the login form even has your email address already filled in. You type in your corporate credentials, and they are sent directly into the hands of threat actors.

This is a scenario from a new phishing campaign detected by cybersecurity firm Cofense that instills a sense of urgency to steal corporate credentials.

According to the researchers, this tactic consistently drives high click rates, especially when the email mimics internal communication or business tools like Zoom.

Malicious email. Source: Cofense

It looked like a real Zoom call

In this phishing campaign, threat actors are taking an extra step to hide their bad intentions. Once clicked, the malicious link uses deceptive hyperlinking (URL masking) to lead the user through multiple redirect layers.

The initial link appears to originate from Cirrus Insight, a legitimate CRM platform, and ultimately funnels the victim to a fake Zoom meeting page hosted on an obscure cloud domain.

The phishing page is an exact replica of a Zoom call in progress. There’s a fake “joining meeting” animation, followed by a live-looking video interface. People in the call wave, someone nods. Then, the call “fails” with a connection timeout, triggering a Zoom Workplace login prompt.

A phishing page that resembles the Zoom Workplace login page. Source: Cofense.
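
For defenders, the traits described above (a masked link, several redirect layers, and a Zoom login page served from a non-Zoom domain) can be checked against a redirect chain recorded by a mail sandbox or web proxy. The following is an added example, not code from Cofense or from the article; the function names, the allowlist, and the sample URLs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: domains this organisation accepts for a genuine Zoom sign-in.
BRAND_DOMAINS = {"zoom": ("zoom.us", "zoom.com")}

def host_of(url):
    """Lower-cased hostname of a URL, or '' if it has none."""
    return (urlsplit(url).hostname or "").lower()

def under(host, suffixes):
    """True if host equals, or is a subdomain of, one of the suffixes."""
    return any(host == s or host.endswith("." + s) for s in suffixes)

def assess_link(display_text, hops, page_brand):
    """Return findings for one e-mail link.

    display_text: the text the recipient sees for the link
    hops:         ordered URLs from the href to the final landing page
    page_brand:   brand the landing page imitates, e.g. "zoom"
    """
    findings = []
    text = display_text.strip()
    # Deceptive hyperlinking: the visible text names a host the href does not use.
    if " " not in text and "." in text:
        shown = host_of(text if "://" in text else "https://" + text)
        if shown and shown != host_of(hops[0]):
            findings.append("masked_link")
    # Multiple redirect layers across unrelated hosts.
    if len({host_of(u) for u in hops}) >= 3:
        findings.append("multi_host_redirect")
    # A branded login prompt served from outside the brand's own domains.
    allowed = BRAND_DOMAINS.get(page_brand)
    if allowed and not under(host_of(hops[-1]), allowed):
        findings.append("brand_login_off_domain")
    return findings

# Constructed sample chains (placeholder hosts, not indicators from the campaign).
SUSPECT_CHAIN = [
    "https://tracking.crm-example.test/click?id=1",
    "https://redir.example.net/r",
    "https://meeting-portal.cloud-example.test/zoom/login",
]
GENUINE_CHAIN = ["https://us02web.zoom.us/j/5551234", "https://zoom.us/signin"]

if __name__ == "__main__":
    print(assess_link("zoom.us/j/5551234", SUSPECT_CHAIN, "zoom"))
    print(assess_link("Join meeting", GENUINE_CHAIN, "zoom"))
```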