Beware: The Google Meet Scam That Could Be a Hacker’s Trick

A new wave of cyber scams is sweeping across the U.S., and one of the most insidious is known as ClickFix. This scam lures unsuspecting users with the promise of fixing a supposed issue on their devices, only to unleash malware that can wreak havoc on their systems.

The Rise of ClickFix and Its Implications

As previously reported, cybercriminals have been harnessing the power of social engineering to deliver messages that mimic error notifications from popular software like Google Chrome, Microsoft Word, and OneDrive. Now, they have turned their attention to Google Meet, targeting both Windows and Mac users.

This article delves into the mechanics of this cyberattack and offers valuable tips on how to safeguard yourself against these threats.

How the ClickFix Scam Works

According to cybersecurity experts at Sekoia, the ClickFix scam typically begins with an email inviting you to join a Google Meet session. These emails can appear to come from legitimate sources, often mimicking your organization’s communications. The link may direct you to a seemingly authentic Google Meet invitation for a meeting, webinar, or collaborative session. However, clicking the link will land you on a fraudulent Google Meet page that displays alarming warnings about your device.

The fake page may claim that there are issues with your microphone, camera, or headset. It often creates a sense of urgency, prompting you to take immediate action.

Identifying the Fake URLs

Here are some common URLs you might encounter in these deceptive emails:

• meet[.]google[.]us-join[.]com
• meet[.]google[.]web-join[.]com
• meet[.]googie[.]com-join[.]us
• meet[.]google[.]cdm-join[.]us

Once on the fraudulent page, users may be prompted to follow alarming instructions such as pressing “CTRL+V.” This action can inadvertently paste malicious code into the Windows command prompt, resulting in malware installation on your computer. Hackers can then exploit this access to steal sensitive data, including cryptocurrencies and personal information.

Broader Malware Trends

Sekoia has identified additional malware distribution tactics beyond Google Meet, affecting platforms such as Zoom, PDF readers, and various online gaming platforms. These threats are often linked to larger crypto scam organizations, with groups like Slavic Nation Empire and Scamquerteo leading some of these deceptive campaigns.

How to Protect Yourself from ClickFix and Other Cyber Threats

As the ClickFix scam continues to evolve, it’s crucial to take proactive measures to protect your devices and personal information. Here are several steps you can follow:

1. Invest in Robust Antivirus Software: Good antivirus protection can help you detect and prevent malware from infiltrating your devices. Look for solutions that also provide phishing email alerts and ransomware protection.
2. Monitor Your Financial Accounts: Regularly check your bank and credit card statements for any unauthorized transactions. Report any suspicious activity to your financial institution immediately.
3. Implement a Fraud Alert: Consider placing a fraud alert on your credit file by contacting one of the major credit reporting agencies. This makes it more challenging for identity thieves to open new accounts in your name.
4. Enable Two-Factor Authentication: Always activate two-factor authentication when available. This adds an additional layer of security by requiring a second form of verification, such as a code sent to your mobile device.