Millions of Americans stuck at home under the coronavirus threat are turning to Zoom videoconferencing to connect for work and school, but a dark side of the wildly popular service is emerging. The FBI reports Zoombombers are hijacking teleconferences across the country and assaulting virtual meetings with pornography, hate images and threatening language. The FBI particularly warns schools to be careful.
The FBI said a Massachusetts high school online class was disrupted by a hijacker who yelled a profanity and the teacher’s home address. A troll interrupted another Massachusetts virtual classroom and displayed swastika tattoos.
At the University of Southern California in Los Angeles, administrators reported disrupters invaded lectures with racist and vile language. CNN affiliate WKMG said a man entered an Orange County, Florida virtual class and exposed himself.
As Zoom comes under scrutiny for its security, the teleconference software provider has responded by changing settings for school and university accounts to make their meetings more private by default. Zoom also published a guide on how users can protect meetings from Zoombombing.
Keeping your event small and private will help thwart hijacking. When an event is large and open to the public, preventing attacks becomes much more difficult. Here are ways to keep Zoombombers out of your meetings and classrooms.
Make your meetings private.
Don’t make meetings or classrooms public. Require guests to use a meeting password to join your event and stop uninvited visitors—even those who have obtained a meeting link— from intruding. Keep meetings small and wait until just before the event starts to send out meeting codes.
Don’t put meeting codes directly on social media.
Don’t share a link to a meeting or classroom on a public social media post that’s unrestricted. Social media has become fertile ground for Zoombombers to swap meeting codes. Don’t put your Zoom code or link directly on social media if you’re holding a large, public event. Provide an email address so your audience can R.S.V.P. their interest in attending the event. This allows you to restrict access and share the event link only with those you’ve vetted.
Hold guests in a waiting room.
Creating a virtual holding room lets the meeting owner control who’s admitted to the event. Don’t rely on making sure that someone seeking admission is on your guest list; some Zoombombers have been identifying themselves with familiar names. Ask everyone to turn on their cameras before you let them in.
Manage screensharing options.
Change screensharing in Zoom to “Host Only.” Leaving screen sharing privileges set to “All” permits Zoombombers to hijack your meeting and project offensive imagery to meeting’s participants.
Turn off the annotation tool.
The annotation feature allows trolls to use cursors and draw onscreen over meeting hosts’ presentations even if screen sharing is limited. Zoombombers have used the tool to scrawl offensive words and shapes in blazing colors.
Add host controls.
As innocuous as common features seem, Zoombombers can wield them to turn your meeting into a nightmare of harassment. Consider using host controls to restrict custom backgrounds, block private chats or turn off file transfers if you think these features could be used to taunt invited guests.
Thwart trolls from returning.
One way to prevent a troll from coming back for repeat attacks is to disable the “allow removed participants to rejoin” feature.
Use updated Zoom software.
Zoom updated its software in January to add default passwords for meetings. The security update also disabled the ability that would allow Zoombombers to randomly scan for meetings to join. Make sure guests use the updated software.