Zoom Fixes a Vanity URL Issue to Prevent Potential Phishing Attacks

If users had clicked on the malicious vanity URL, attackers could've possibly injected malware into the device.

Advertisement
By Abhik Sengupta | Updated: 17 July 2020 13:12 IST
Highlights
  • Check Point says Zoom Vanity URL could've been manipulated in two ways
  • Both the methods could've led to potential phishing attacks
  • Zoom had earlier fixed a Zoomboming issue with Check Point's help
Zoom Fixes a Vanity URL Issue to Prevent Potential Phishing Attacks

Zoom had worked with Check Point on vanity URL issue

Zoom along with the cybersecurity company Check Point has fixed an issue with its vanity URLs that could have potentially allowed hackers to manipulate meeting ID links for phishing purposes. If users had accepted or clicked on the particular malicious vanity URL, attackers could've possibly injected malware into the device to carry out a phishing attack. A vanity URL is described as a custom URL used by brands for marketing purposes. It essentially allows users to remember or find a specific page within the website, such as "http://[yourcompany.zoom.com].zoom.com." According to Check Point, this vulnerability could've been manipulated in two ways.

The details about Zoom's Vanity URL vulnerability fix were shared by Check Point in blog post on Thursday.

"This was a joint effort between Check Point and Zoom. Together, we've taken important steps to protect users of Zoom everywhere," Network Research & Protection Group Manager at Check Point, Adi Ikan stated in the blog post.

Vanity URL vulnerability

As mentioned, the vulnerability could have allowed hackers to manipulate a vanity URL in two ways. The first way of targeting was via direct links. Check Point states that this would have allowed a hacker to directly change the Zoom invitation link that might be difficult to recognise by a person without "particular cyber-security training."

Advertisement

The second way of targeting Zoom users was through dedicated Zoom Web interfaces. Some organisations have their own Zoom Web interface for conferences.

"A hacker could target such an interface and attempt to redirect a user to enter a meeting ID into the malicious Vanity URL rather than the actual or genuine Zoom web interface," Check Point noted.

Advertisement

These two methods of manipulating vanity URLs would have allowed hackers to steal Zoom users' data. The issue has been fixed by Zoom, according to Check Point.

Notably, the cybersecurity firm had worked with Zoom earlier in January to fix another potential vulnerability that could have allowed hackers to join a meeting uninvited (also known as Zoombombing). After Check Point pointed out the issue, Zoom introduced passwords by default for all future scheduled meetings.

In 2020, will WhatsApp get the killer feature that every Indian is waiting for? We discussed this on Orbital, our weekly technology podcast, which you can subscribe to via Apple Podcasts or RSS, download the episode, or just hit the play button below.

 
Post your comments

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.

Further reading: Zoom, Zoom app, Check Point, Vanity URL
Microsoft Xbox One X, Xbox One S All-Digital Edition Production Stopped in Preparation of the Series X: Report
Leica M10-R Rangefinder Camera Launched in India at Rs. 6,95,000
Advertisement

Related Stories

Popular on Gadgets
Latest Gadgets
Popular Mobile Brands
#Trending Stories
  1. OTT Releases This Week: Ground Zero, Detective Sherdil, Found S2, and More
  2. Vivo Y400 Pro 5G India Launch Today: All You Need to Know
  3. Oppo Reno 14 5G Series Teased to Launch in India Soon
  4. Nothing Phone 3 to Get New Glyph Matrix Interface on the Rear Panel
  5. Samsung Galaxy M36 5G India Launch Date and Key Features Revealed
  6. YouTube Shorts Will Soon Let You Create AI Video Clips With Veo 3 Model
  7. Samsung Galaxy Z Fold 7 Leaked Renders Suggest Design Changes
  8. Vivo T4 Lite 5G to Launch in India on June 24; Chipset Confirmed
  9. OnePlus Bullets Wireless Z3 With Up to 36 Hours Battery Launched in India
#Latest Stories
  1. Samsung Galaxy Z Flip 7 Leaked Renders Suggest Edge-to-Edge Cover Display
  2. YouTube Shorts to Bring Google’s Veo 3 Video Generation Model With Audio Support 'This Summer'
  3. Samsung Galaxy Z Fold 7 Leaked Renders Hint at Design Changes; Storage Options Tipped
  4. Vivo Y400 Pro 5G Launching Today: Price in India, Expected Features and Specifications
  5. Fast Radio Bursts Reveal Universe’s Missing Matter Hidden in Cosmic Intergalactic Fog
  6. Apollo Astronauts Found Orange Glass Beads on the Moon, Scientists Now Know Why
  7. World’s Oldest Tailored Dress Found in Egyptian Tomb Dates Back Over 5,000 Years
  8. Ancient Footprints in White Sands Confirm Humans Reached America 23,000 Years Ago
  9. Humanoid Robot Achieves Controlled Flight Using Jet Propulsion and AI Systems
  10. Curiosity Rover Reaches Uyuni Quad, Begins New Mars Mapping and Surface Analysis Campaign
Gadgets 360 is available in
Follow Us
Download Our Apps
Available in Hindi
© Copyright Red Pixels Ventures Limited 2025. All rights reserved.