We have identified an active social engineering campaign in which threat actors misuse the Zillow real estate platform to initiate contact with potential victims. After establishing initial trust through the platform’s messaging system, the attackers deliberately move the conversation to email, where they send a fraudulent Zoom meeting invitation.
The email contains a link that appears to lead to a legitimate Zoom meeting. In reality, the link redirects the recipient to a counterfeit Zoom meeting page hosted on the domain zoominviteeeue[.]de, which is not affiliated with Zoom. The page is designed to closely resemble Zoom’s interface and prompts the user to download and execute a file presented as required meeting software.
(A screenshot of the fraudulent page is shown below.)
If the file is executed, malicious activity runs in the background with no clear indication to the user. The attacker gains unauthorized remote access to the victim’s system, along with persistent control. No software vulnerability is exploited in this process; the compromise relies entirely on brand impersonation, user trust, and the misuse of legitimate workflows.
This activity presents a high risk due to the combination of a trusted online marketplace, a widely used collaboration platform, and email-based delivery outside of platform protections. Users involved in property sales or rentals are particularly exposed, as the pretext aligns with expected communication patterns.
We strongly advise users to treat Zoom meeting invitations received via email with caution, especially when they follow conversations that began on third-party platforms. Meeting software should only be downloaded from official vendor websites, and unexpected requests to install files in order to join a meeting should be considered suspicious.
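The same verification can be automated during mail triage. The following is an added example, not part of the original advisory: it flags links that use the Zoom name in the host or userinfo without belonging to an official Zoom domain. The allowlist (zoom.us, zoom.com, zoomgov.com), the function names, and the sample message are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: domains treated as official Zoom properties for this check.
OFFICIAL = ("zoom.us", "zoom.com", "zoomgov.com")
URL_RE = re.compile(r"\b(?:https?|hxxps?)://[^\s<>\"')]+", re.IGNORECASE)

def refang(url):
    """Undo common defanging (hxxp, [.]) so the URL can be parsed, never fetched."""
    return re.sub(r"^hxxp", "http", url, flags=re.IGNORECASE).replace("[.]", ".")

def classify(url):
    """Return 'official', 'lookalike' or 'unrelated' for one URL."""
    try:
        parts = urlsplit(refang(url))
        host, authority = (parts.hostname or "").rstrip(".").lower(), parts.netloc
    except ValueError:  # malformed authority: fall back to the raw string
        host, authority = "", url
    if any(host == d or host.endswith("." + d) for d in OFFICIAL):
        return "official"
    # Check the whole authority so "zoom.us@other.example" is caught too;
    # fold "-" and "0" to catch zoom-invite / z00m style variations.
    folded = authority.lower().replace("-", "").replace("0", "o")
    return "lookalike" if "zoom" in folded else "unrelated"

def suspicious_links(body):
    """List URLs in a message body that use the Zoom name off-domain."""
    return [u for u in URL_RE.findall(body) if classify(u) == "lookalike"]

# Constructed sample message; only the first domain comes from the advisory.
SAMPLE = """Thanks for your interest in the listing. Join here:
hxxps://zoominviteeeue[.]de
Official client: https://zoom.us/download
Listing page: https://www.zillow.com/
Backup link: https://zoom.us.meeting-join.example/j/1
"""

if __name__ == "__main__":
    for link in suspicious_links(SAMPLE):
        print("suspicious:", link)
```

A match on the brand string alone is a triage signal, not a verdict; flagged links still need review before any blocking decision.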
This case highlights an ongoing trend in which attackers avoid technical exploits and instead rely on social engineering and the abuse of trusted brands to achieve compromise. Awareness and verification remain the most effective defenses against this type of activity.
Wishing you a safe and secure year ahead in 2026.