The NJSBA cautions law firms and practitioners about a new wave of cyberattacks that use fake meeting invites to steal credentials and capture a person’s image or video.
The attack often starts with an unexpected calendar invite or video meeting link that appears to come from a legitimate business contact. Upon closer inspection, the invite may come from a different email address than the one you normally use to communicate with that person, though that is not always the case.
Once the person clicks the link, they may land on a fake Zoom or Teams-style meeting page that looks legitimate. From there, attackers may capture the person’s live camera feed and use that video later to create more convincing deepfakes or fake meeting content. At the same time, the page may try to steal passwords, browser data, cookies, session tokens or other sensitive information. These are not ordinary scams – they are cyberattacks that combine social engineering, credential theft and AI-enabled impersonation.
Three practical ways to stay safe:
Be cautious with unexpected meeting invites: If a calendar invite, Zoom link, Teams link or urgent request is unexpected, pause before clicking. Check the sender’s email address carefully, especially if it differs from the address you normally use for that person.
Confirm through a trusted channel: The best course is to call a publicly available or previously trusted phone number and confirm the meeting directly with the person or a member of their staff. Do not rely on the phone number, email address or link provided in the suspicious invite.
Never run “troubleshooting” commands from a webpage: A legitimate meeting platform should not ask you to copy and paste commands into PowerShell, Terminal or another system tool. A fake “audio issue” or “meeting connection problem” can be a setup to install malware and harvest credentials.
A key reminder: A professional-looking meeting invite, familiar name, realistic video or convincing voice is no longer enough to prove something is legitimate. Verify before clicking, joining, sharing credentials or taking action.
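For IT staff who want to automate the sender and link checks from the first tip, the following sketch is an added example and not part of the NJSBA advisory. The address book, contact name, sample invite and the list of approved meeting domains are constructed assumptions; replace them with your firm's own.

```python
import re
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumption: meeting platforms this firm accepts; edit to match your own.
TRUSTED_MEETING_DOMAINS = {"zoom.us", "teams.microsoft.com", "teams.live.com"}
# Constructed address book: display name -> address normally used for that person.
KNOWN_CONTACTS = {"dana reyes": "dreyes@reyeslaw.example"}
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)

def host_is_trusted(host):
    """True only for an approved domain or a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED_MEETING_DOMAINS)

def triage_invite(from_header, body):
    """Return reasons to confirm the meeting by phone before clicking."""
    findings = []
    name, addr = parseaddr(from_header)
    expected = KNOWN_CONTACTS.get(name.strip().lower())
    if expected is None:
        findings.append("sender name is not in the address book")
    elif addr.lower() != expected:
        findings.append(f"address {addr} differs from the usual {expected}")
    for url in URL_RE.findall(body):
        try:
            # .hostname ignores anything before '@', so 'zoom.us@other.example' is caught
            host = urlsplit(url.rstrip(".,;)")).hostname or ""
        except ValueError:
            host = ""
        if not host_is_trusted(host):
            findings.append(f"link host '{host}' is not an approved meeting domain")
    return findings

# Constructed sample invite: familiar name, unfamiliar address, look-alike links.
SAMPLE_FROM = '"Dana Reyes" <dana.reyes@reyes-law-office.example>'
SAMPLE_BODY = ("Urgent, please join now: https://zoom.us.join-meeting.example/j/8842 "
               "or the backup https://teams.microsoft.com@meet-login.example/l/abc")

if __name__ == "__main__":
    for reason in triage_invite(SAMPLE_FROM, SAMPLE_BODY):
        print("VERIFY FIRST:", reason)
```

An empty result does not prove the invite is legitimate, since the advisory notes that the sender address does not always differ; confirming through a trusted channel still applies.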