Suppose we didn’t have enough reasons to dread meetings. In that case, a recent rise in virtual scams using fake Google Meet invitations might be the final nail in the coffin. In this new type of phishing, hackers send out spoofed invitations to meetings and then trick recipients into downloading malware.
Although these attacks primarily target logistics and transportation companies at the moment, hackers are likely to expand their efforts to other industries and start sending links to fraudulent meetings to people in other industries.
How Hackers Are Using Meeting Invitations To Spread Malware
As email security protocols become better able to identify phishing links, hackers are constantly on the lookout for new ways to launch their campaigns. Fake Google Meet links are an ideal solution because most email programs will not identify them as suspicious.
In the latest version of this attack, when the recipient gets the meeting request and clicks on it, the link redirects to an error page, usually alerting them to an issue with their camera or microphone. The alert also includes a patch or version upgrade link to solve the problem. Downloading this supposed “fix” triggers malware insertion.
Protect Your Business From Phishing
Phishing scams are the cause of many data breaches, and it often feels like hackers come up with another, more insidious one as soon as you get a handle on one approach. Educating users on how to remain vigilant to threats, identify the signs of an attack, and how to respond can go a long way toward protecting your company against breaches, ransomware, identity theft, and other problems. For example, your team should confirm unexpected meeting invitations as a matter of protocol and be wary of any link that requires them to download and install anything.
Shoring up your defenses against malware requires technical solutions as well. Comprehensive network security includes:
- Network segmentation to contain the spread of a malware infection.
- Robust email security that blocks malicious messages and relies on a secure file-sharing program.
- Endpoint monitoring and security tools that use next-generation firewalls and intrusion protection.
- Requiring users to employ multifactor authentication and password management best practices.
- Install updates and patches immediately upon release to address security flaws before hackers can exploit them.
- Implement a backup program and test backups regularly.
A combination of antivirus and antimalware protection, firewalls, network segmentation, and email security ensures that when one approach fails, several others are in place to stop attacks.
The recent spate of attacks using fake Google Meet invitations should give you pause the next time you receive one, especially if it arrives from an unknown sender. If you aren’t expecting one, confirm the meeting with the sender. If they say they didn't send anything, delete the message.