Categories
Pages
-

IT Center Blog

Beware of Meeting Invite Phishing Scam!

November 21st, 2022 | by
Laptop in front of orange background with incoming e-mail

Source: Own illustration

The way we work together has changed fundamentally in recent years. Among the major changes is the shift of work processes to the home office. Not only have everyday tasks had to be shifted into virtual space, but also the entire communication process. This is how online meetings and video conferencing became a central part of our working lives. The digitization of these work processes brings many benefits. However, it also confronts many companies and organizations with major challenges. One of these challenges is the drastic increase in cyber attacks. As is so often the case, Internet fraudsters have taken advantage of the new situation and quickly developed a variety of new types of fraud methods. These include, for example, phishing attempts via appointment invitations.

 

How Does Phishing by Meeting Invite Work?

In this scam, recipients are sent an email inviting them to online meetings and video conferences. These emails encourage the recipient to click on a link, for example, to confirm their participation or to provide their personal data. The scam is particularly insidious if the event mentioned in the email is a real event or conference. When skimming the email, recipients encounter content they are familiar with and are lulled into a false sense of safety. This safety then often leads to inattention.

Invitations to supposedly ordinary online meetings can also bear dangers. In addition to the options to accept or decline the appointment, the appointment also contains a shortcut to access the meeting. This link may hide applications that are intended to infect the system and intercept sensitive data. Such emails might also contain information that the account has been suspended or that a meeting has been missed. Recipients are then asked to click on a link to reactivate their account or get more information about the missed event.

 

What You Should Always Keep in Mind When Receiving Invitations to Meetings per Mail:

There is one rule you should follow, and it is probably the most important one: never click on anything without proper consideration. This applies to links as well as files or other content, such as photos, which may also be clickable. For links, always check the associated URL address.

Be sure to take the time to look closely at any request and question its content. For example, many phishing emails may contain grammatical and spelling errors. Phishing emails may also show unusual formatting. Any inconsistency could be an indication of a fake email. So always keep your eyes open.

If, after thoughtful examination, you are still in doubt, it is highly recommended that you browse the Internet for official contact persons and contact these persons personally, for example by phone.

 

I Have Received a Fake Meeting Invitation. What should I do?

Should you receive a fake conference or appointment invitation, or if an invitation seems suspicious to you, you should always report the case to the appropriate department. In case of suspicious invitations to a RWTH email address, forward us the relevant invitation email as an attachment (!!) to both servicedesk@itc.rwth-aachen.de and spam@access.ironport.com.

Every phishing attempt we know about enables us to collect important information and take appropriate security measures. You want to learn more about IT security and fraud methods on the Internet? You can find an overview of all our posts on this topic under the IT security tag. Help us make the internet a safer place!

 

Responsible for the content of this article is Stéphanie Bauens.

Leave a Reply

Your email address will not be published.