Today, many of us use Zoom for business meetings, classes, and more. COVID-19 has turned Zoom into a household word. Along with it, we’ve been introduced to a new form of online attack. An unknown person joins your meeting completely uninvited. Everything goes downhill from there.
Welcome to Zoom-Bombing
Occasionally, these uninvited attendees may observe your meeting quietly. In most cases, they completely disrupt it with yelling, threats, and sometimes, pornographic images. It’s been dubbed “Zoom-bombing”.
“Zoom-bombing” can happen to anyone. Jessica Lessin, editor-in-chief of The Information, tweeted about an incident that occurred two weeks ago.
Our video call was just attacked by someone who kept sharing pornography + switching between different user accounts so we could not block them. Stay tuned for next steps. And I am sorry to everyone who experienced. We shut down as soon as we could.
The FBI in Boston posted a press release about Zoom-bombing on Monday. Two separate incidents occurred in Zoom meetings hosted by Massachusetts-based schools. One individual interrupted a meeting with profanity and shouting. In another meeting, a different individual started displaying swastika tattoos.
According to the FBI’s Boston Division, “The FBI has received multiple reports of conferences being disrupted by pornographic and/or hate images and threatening language.” The FBI is recommending “due diligence and caution in your cybersecurity efforts.”
How to Prevent Zoom-Bombing
Zoom-bombings are happening for a few reasons. For starters, people are sharing their meeting links on social media. Searching for “zoom.us” on Twitter turns up multiple meeting links. ANYONE with the link can join your meeting. DON’T share your meeting link in a public space like Facebook or Twitter.
Don’t use your Personal Meeting ID (PMI). That ID doesn’t change unless you manually update it. It functions as a single meeting that never ends. Anyone can join at any time.
Every meeting includes the option “Require meeting password”. Enable this on every meeting. Keep in mind that the invitation will include an encrypted version of the password in the link. Meeting links without the password look like “https://zoom.us/j/”. A meeting link with the password will include “?pwd=” to the end of the link. Don’t post the link publicly with the password or pwd. Send the password privately via email, text message, or another private messaging system.
You can also use the “Waiting Room” on any meeting. The waiting room allows you to control who can join your meeting. Attendees will sit in the waiting room until the host admits them into the meeting. You’ll first have to enable this option on your account. You’ll find it in your account settings on the Zoom website (not in the app). Look for the In-Meeting (Advanced) section (image below).
Follow these recommendations, and you should avoid any mishaps with your virtual meetings. Hopefully, all of us can start holding our meetings together in the real world next month. Stay safe.
Looking for More Tips?
Blog posts with various IT tips and news are released every Friday. We publish new episodes of Tech Tip Tuesday as often as we can. You can view previous episodes in our Tech Tip Tuesday library. Click the Sign Up or Subscribe button on this page to subscribe and receive every tip directly in your inbox each week. Pit Crew IT Services can also help your organization with any IT needs you might have. Get started with a free consultation using the button below.