At Zoom, we are hard at work to provide you with the best 24x7 global support experience during this pandemic. The other centered around targeting an organization’s own Zoom web interface, and urging a victim to enter their meeting ID into a malicious vanity URL instead. Organizations could use the Vanity URL mechanism to create a customized version of Zoom’s invitation links. SINGAPORE, @mcgallen #microwireinfo, July 17, 2020 – Check Point Research, the Threat Intelligence arm of Check Point® Software Technologies Ltd. (NASDAQ: CHKP), recently helped to mitigate risk associated with a potential security issue in Zoom’s customisable ‘Vanity URLs’ feature that could have allowed hackers to send legitimate-looking Zoom business meeting invitations that appear to be associated with a particular Zoom … This issue impersonated relevant organizations using the Vanity URL capability. A hacker could target such an interface and attempt to redirect a user to enter a meeting ID into the malicious Vanity URL rather than the genuine Zoom web interface. The flaw, which was discovered by security firm Check Point and disclosed to Zoom, essentially resided in the company’s “Vanity URL” feature … This is important if you still have active meeting links with the previous Vanity URL and want to ensure they still work without resending invites with the updated link. Of course, where people go, criminals will follow. An issue related to the Zoom feature that allows for the customization of meeting URLs could have been exploited for phishing attacks, Check Point reveals. Sign in to the Zoom web portal. A victim receiving such an invitation would have had no way of knowing that it did not actually come from the organization in question. In addition, the organization can add a dedicated and customized website for this service.
As with the direct-link attacks, without careful cybersecurity training, a victim of such attacks may not have been able to recognize the malicious URL and would have fallen prey to the attack. Copyright ©2021 Zoom Video Communications, Inc. All rights reserved. After the new Vanity URL is approved, you will also need to adjust the SSO settings with the new Vanity URL, as well as sign in again to any scheduling extensions or plugins. The vanity URL must match the company’s domain name. If your account already has a Vanity URL and you need to have it changed, please contact Zoom Support. An attacker could have invited the victim to join the session through the dedicated website, and the victim would have had no way of knowing the invitation did not actually come from the legitimate organization. A vanity URL could later be designed or customised as per the user’s preference. There are many relevant day-to-day scenarios that could potentially have been leveraged using this impersonation method, which could have resulted in a successful phishing attempt, especially if used to impersonate an enterprise’s Zoom Vanity URL. In the navigation menu, click Advanced, then Branding. A user can enter any meeting ID in this screen, whether or not it was originally scheduled by one of the organization’s employees, and join the relevant Zoom session. You will be notified prior to any changes. Optionally, you can also brand this vanity page with a customized logo and branding, but generally your end users do not type in the address of this vanity page directly and instead click a link to join a meeting. For example, if you need a vanity URL for your IT department, you should request "hooli-it.zoom.us". So it’s no surprise that the explosive growth in Zoom usage has been matched by an increase in new domain registrations with names including the word ‘Zoom’, indicating that cyber-criminals are targeting Zoom domains as phishing bait to lure victims.
We have also detected malicious files impersonating Zoom’s installation program. As the world starts to emerge from Coronavirus-related lockdowns, and organizations continue to support remote working for their employees, ‘Zooming’ has become part of our everyday language. The video conferencing service was already popular before the pandemic, but in the ‘new normal’ of social distancing it has become the go-to platform globally for everything from high-level government and business meetings, to university and school classes, to family gatherings – meaning that Zoom usage has soared from 10 million daily meeting participants back in December 2019 to over 300 million in April 2020. The new Vanity URL will need to conform to the guidelines above, and you should inform Zoom Support if you require the previous Vanity URL to redirect to the new Vanity URL. This vanity URL is required for configuration if you intend to turn on SSO (Single Sign On). If you need a vanity URL for a sub-account or department, it should contain the department name and the organization's domain name. Follow the sections below: Logo URL: Customize the header logo. Upon setting up a meeting, an attacker could change the invitation link URL to include any registered sub-domain. "Prior to Zoom's fix, an attacker could have attempted to impersonate an organization's Vanity URL link and send invitations which appeared to be legitimate to trick a victim," the study said. When the user enters the website and clicks the Join button, the following screen appears: Figure 2 – Zoom’s ‘Join a Meeting Screen’. A vanity URL is a descriptive, memorable and pronounceable URL usually used to redirect URLs from one location to another. This is the case when you as a user have purchased a custom URL in Zoom to join or start your meetings. As part of this ongoing commitment, please review our updated.
Attacking dedicated Zoom web interfaces: since some organizations have their own Zoom web interface for conference calls, a hacker could also target such an interface and attempt to redirect a user to enter a meeting ID into the malicious Vanity URL rather than the actual Zoom web interface, and so join the relevant Zoom session. Your new Vanity URL will need to meet the same requirements as a new Vanity URL, listed below. Vanity URLs must only contain letters, numbers and dashes (-). Guidelines for Vanity URL Requests. In addition, the attacker could also change the link from /j/ to /s/: https://<organization’s name>[.]zoom[.]us/s/7470812100. In our ongoing efforts to respond to the latest developments in the threat landscape and contribute to the global cyber security community, we have collaborated with Zoom Video Communications to find ways to ensure that its users can enjoy all of its benefits safely and securely. Back in January 2020 we reported a technique which would have allowed a threat actor to potentially identify and join active meetings to which they weren’t invited. As explained by Zoom on their support page, a Vanity URL is a custom URL for your company, such as yourcompany.zoom.us. Zoom is the leader in modern enterprise video communications, with an easy, reliable cloud platform for video and audio conferencing, chat, and webinars across mobile, desktop, and room systems. Zoom Rooms is the original software-based conference room solution used around the world in board, conference, huddle, and training rooms, as well as executive offices and classrooms. Notifications will be sent to the email address of the user who requested the URL. We reserve the right to remove or change your Vanity URL if there is a conflict between 2 companies for the same Vanity URL. For instance, companies can create URLs with their firm names.
There are several ways to enter a meeting containing a sub-domain, including using a direct sub-domain link containing the meeting ID, or using the organization’s customized sub-domain web UI. Let’s look at each option in turn. What is a Vanity URL? Also, to enjoy the various benefits of daily usage of Zoom, here are some guidelines to consider. Happy Zooming! Note: These settings don't affect your landing page. In the simplest terms, a vanity URL is a long URL that has been converted into a customized short link. Click the Header/Footer/Sidebar tab. The security issue is focused on the sub-domain functionalities described above. Non-conforming Vanity URLs will be declined or approved within 4-5 business days. This subdomain is required for configuration if you intend to turn on SSO (Single Sign On) and is where you would direct your users to log in via SSO. If your account has already been approved for a Vanity URL but you need to change it, please contact Zoom Support. A Vanity URL is a way to change your Zoom links from the default ones. Zoom is a video conferencing service that has come under intense scrutiny after being widely adopted as the collaboration tool of choice by numerous organizations and end-users worldwide, amid the COVID-19 pandemic. For example: "hooli.com" should apply for "hooli.zoom.us". Zoom Flaw With Vanity URL.
Vanity URLs should be at least 4 characters in length (https://1234.zoom.us). In addition, the attacker could have directed the victim to a sub-domain dedicated website, where the victim entered the relevant meeting ID and would not be made aware that the invitation did not come from the legitimate organization. And recently we found another potential security issue, as described below, which could have led to successful phishing attempts. Lastly, the video conferencing training session guide shows how to control your Zoom in-meeting experience, apply for a Vanity URL, change share preferences, add a managed domain, join a password-protected meeting, reshare a Zoom Room invitation link to reflect the recent Zoom security enhancements, and connect with Zoom’s 24x7 global support. Research by: Adi Ikan, Liri Porat and Ori Hamama. For instance, if the original invitation link was https://zoom[.]us/j/7470812100, the attacker could change it to https://<organization’s name>[.]zoom[.]us/j/7470812100. As a result of our continued collaboration and Check Point’s reporting of this issue, Zoom has resolved the issue with a fix. Vanity URLs contain a domain name which features the brand or a … Zoom, along with the cybersecurity company Check Point, has fixed an issue with its vanity URLs that could have potentially allowed hackers to manipulate meeting ID links for phishing purposes.
Researchers at Check Point have been working with Zoom to fix a security issue that would have allowed hackers to manipulate organizations’ customizable Zoom ‘Vanity URLs’… As part of our cooperation, Zoom quickly introduced a number of mitigations which ensured that such attacks are no longer possible. Read here for more details: https://support.zoom.us/hc/en-us/articles/215062646-Guidelines … Video conferencing company Zoom and software company Cyber Security Research have fixed a vanity URL issue that could lead to phishing or fraud attacks. All the details of how an attacker could impersonate an organization’s Zoom subdomain links or actual sub-domain website discussed here were responsibly disclosed to Zoom Video Communications, Inc. as part of our ongoing partnership and cooperation. This security issue has been fixed by Zoom, so the exploits described are no longer possible. For example, an attacker could have introduced themselves as a legitimate employee of the company, sending an invitation from an organization’s Vanity URL to relevant customers in order to gain credibility. For example, “example.com” should apply for “example.zoom.us”. A video shared by Zoom and Check Point Research, which helped identify and resolve the issue, shows how the exploit worked. This activity could then have been leveraged to steal credentials and sensitive information, as well as for other fraudulent actions. If there is a conflict between two companies over the same Vanity URL, Zoom reserves the right to remove or change the Vanity URL. You will be notified in advance of any change. To see the original of this article, refer to Guidelines for Vanity URL Requests. Check Point is dedicated to improving and thriving towards safer technologies, better secured infrastructures, and generally to enriching the greater intelligence community, and will continue such efforts by liaising with product leaders such as Zoom.”
One of the features of Zoom is the ability to create a ‘Vanity URL,’ which is described on the Zoom website as: A Vanity URL is a custom URL for your company, such as yourcompany.zoom.us. This scenario targeted the Vanity URL capability. See also: Customizing branding settings for your vanity URL; Customizing the meeting schedule email template. A Vanity URL requires a Business, Education, Enterprise, or API plan and a custom domain owned by your organization. You must submit a Vanity URL request from your official domain and not a public domain (gmail.com, hotmail.com, etc.). Adi Ikan, Network Research & Protection Group Manager in Check Point: “Our partnership with Zoom has provided Zoom users globally with a safer, simpler and seamless communication experience. Zoom Fixes a Vanity URL Issue to Prevent Potential Phishing Attacks. If users had clicked on the malicious vanity URL, attackers could've possibly injected malware into the device. It’s worth noting that 90% of cyber-attacks start with a phishing email. Also, clicking on the “Sign in to Start” button would often lead the victim to the organization’s legitimate portal. The vulnerability allowed an attacker to impersonate an organization’s Vanity URL link and send invitations which appeared to be legitimate to trick a victim. This vanity page is not used for webinar registration or the waiting room, although both of these can be customized individually. To make sure you’re doing enough to protect your organization’s attack vectors, we suggest that you read the whitepaper Humans are Your Weakest Link to discover the daily risk posed by phishing emails. Recently researchers from Check Point discovered a vulnerability in the Zoom Vanity URL, a feature that allows users to create a ‘Vanity URL,’ which is a custom URL for your company (i.e. yourcompany.zoom.us).
Briefly, the Vanity URL is a feature that allows Zoom customers to create customized URLs. A vanity URL can also be known as a branded link or a custom short URL. The vulnerability resides with ‘Vanity URL,’ which is an option in Zoom used to create a custom URL for your company. The custom URL should be like yourcompany.zoom.us instead of the regular one. Vanity URLs conforming to the guidelines will be approved within 1 business day. If users had accepted or clicked on the particular malicious vanity URL, attackers could’ve possibly injected malware into the device to carry out a phishing attack. Another way of entering a meeting is with the organization’s dedicated sub-domain web UI, as seen in the example below: Figure 1 – An organization’s Zoom Web UI. The vanity URL needs to be 4 or more characters long, for example https://1234.zoom.us. Vanity URLs should contain only letters, numbers, and dashes (“-”). “hooli.org” should apply for “hooli-org.zoom.us”; “hooli.com.au” should apply for “hooli-au.zoom.us”; “hooli.org.au” should apply for “hooli-org-au.zoom.us”; "hooli.edu" should apply for "hooli-edu.zoom.us". If you submit your request from name@hoolicompany.com and request hooli.zoom.us, you must submit evidence that you own hooli.com. You can customize the header and footer that appear throughout the web portal when accessed from your vanity URL. Zoom has provided us with a statement on the vanity URL bug. Given there are cases of organizations’ logos appearing when entering such a URL, this could have added an additional layer of deception.