"Zoombombing" hackers threaten video meetings' security: Internet Scambusters #910
"Zoombombing" is a new crime spawned by hackers bent on disrupting video conferences that firms and families are trying to use during Coronavirus restrictions.
The video conferencing service Zoom gives the crime its name, but other similar services could also be under threat, as we explain in this week's issue.
We'll give you tips from an expert on how to block or avoid Zoombombing attacks -- plus we have news about two more new Coronavirus scams.
Let's get started...
How to Beat "Zoombombers" -- The New Breed of Video Hijackers
Zoombombing raids are taking place everywhere. Could you be a target? If so, we can help.
For those not in the know, "Zoom" is the name of a suddenly popular video chat app that allows multiple people to join a conversation.
Few people, except for professionals, had ever heard of it before the Coronavirus pandemic. But it was an instant hit as soon as people found themselves locked down at home and in desperate need of social contact with family and friends.
And, of course, it has been a boon for employees required to attend virtual meetings while working from home.
The makers of Zoom say that they have an average of 300 million daily meetings -- that's a lot of people for the hackers and scammers to take aim at.
And they're not alone in this market. Microsoft has a popular professional product called Teams, while Facebook recently joined the fray with its own version of multi-person video called Messenger Rooms.
In other words, it's a fast-growing marketplace for organizations and individuals, but Zoom was definitely out in front with the general public when the "bomb" dropped.
In this case, "bombing" refers to hackers dropping in on Zoom conversations and often disrupting them with insults and threats. In one case, they were alleged to have thrown up pornographic images on participants' screens. Hence -- "Zoombombing."
This isn't just annoying. It's a huge security issue. And since, one way or another, we're likely to be having more virtual meetings in the future -- now that we know how to do it -- we need to be able to stop the bombers.
Thanks to watchdog Consumer Reports, or more particularly to one of its readers who fell victim, a number of key steps have been identified that can help you thwart the Zoombombers.
The reader, Loren Ford, a former privacy lawyer and counsel for Google, told the publication: "Zoom wasn't built for its current use. It was built for business meetings, which don't have the same level of privacy and security concerns as a massive platform for connection of all kinds."
Zoom responded quickly to the disclosure of incidents by tightening up security. They were so worried that, earlier this month, the firm actually bought a security company to add another layer of protection.
But for now, users, especially meeting organizers and not just of Zoom, may be exposed to bombers just because their own sense of security is not as sharp as it should be.
Ford offers the following tips aimed at organizers to counter the bombers:
- Tell your participants not to publicize the meeting, especially with links, on social networks.
- Be cautious and aware of all meeting participants. Make sure you know them and why they are there.
- Don't allow participants to join the meeting before you do -- or to hang around afterwards.
- Use the software's "waiting room" feature, that allows you to review participants before virtually opening the door to them.
- For meetings where not everyone is known, don't allow users to use virtual backgrounds (downloaded from the Internet) because intruders might use them to post insulting messages. Another feature allows you to put a would-be participant on "hold" and unable to take part until you've established their credentials.
- Be wary about how you name meetings. Zoombombers are good at guessing them and sneaking in, especially if you use family or business names. Zoom has its own mechanism for generating meeting names. Use that instead.
- Consider using entry passwords. They're a must for meetings that include children, says Ford.
Once meetings are in action, there are several controls available to organizers including the ability to mute one or more participants, turning off whiteboard sharing and disabling file transfers during chat, to prevent bombers from sending malware to others taking part.
More Coronavirus Scam Alerts
Staying with the general theme of Coronavirus scams, we have a couple of new warnings to pass on to you.
First, the US Federal Trade Commission (FTC) has warned about certain nursing home and assisted living facilities making Medicaid residents sign over their stimulus checks.
The homes are allegedly claiming they're required to do this under Federal rules that the homes say mean the checks are so-called "resources." Legally, money that meets the definition of resources has to be included as part of a recipient's Medicaid benefits.
But, says the FTC, stimulus checks do not qualify as "resources." In other words, homes may simply have made a mistake or, more worryingly, might just be planning to keep the money for themselves. So, don't hand your check over.
Second, a study of YouTube videos concerning the Coronavirus found that a quarter of them all contained misleading or inaccurate information. In total, 62 million people were reported to have viewed the offending items.
The British broadcaster, BBC, reporting on the findings, says it's not just troublemakers and people with malicious intentions who are posting the videos. Some were inaccurate government reports and others were found in the mainstream media.
The report served to highlight our regular warning about fake news: Be skeptical of anything and everything you read online. If you think it's important, check it out with other Internet sources.
Please pass on these warnings to friends or families who could be affected.
Time to conclude for today -- have a great week!