Avoid Virtual Meeting Hijacking

Consumer Alert Headr

URGENT CONSUMER ALERT: Avoid Virtual Meeting Hijacking

Michigan Attorney General Dana Nessel issued an urgent consumer alert cautioning Michiganders who are now participating in video-teleconferencing to be on high alert for hackers looking to sabotage your virtual meetings.  

With the increasing popularity in video-teleconferencing due to employees, students and others communicating remotely during the coronavirus disease 2019 (COVID-19) outbreak, Michigan Attorney General Dana Nessel wants everyone to be mindful of potential hijacking and cybersecurity breaches. 

Zoom has quickly become a popular user-friendly tool to conduct virtual meetings, but it's important to remember that we must protect ourselves from hackers while using the platform. Attempts to hijack these meetings have surfaced here in Michigan already and the Federal Bureau of Investigations (FBI) has also received multiple reports of teleconferences set up through Zoom being disrupted by pornographic and/or hate images and threatening language. Schools using the technology to conduct classroom exercises have also reported interruptions in video-teleconferencing sessions. 

There are procedures that can be implemented to operate a more secure video-teleconference, including the creator or host's ability to prevent screen sharing for participants in the session.   

The FBI recommends exercising due diligence and caution in cybersecurity efforts, and recommends taking the following steps to mitigate teleconference hijacking threats: 

  • Do not make meetings or classrooms public. In Zoom, there are two options to make a meeting private: require a meeting password or use the waiting room feature and control admitting guests. Once all guests have joined, the meeting can be locked to prevent hackers from entering. 

  • Do not share a link to a teleconference or classroom on an unrestricted publicly available social media post. Provide the link directly to specific people. 

  • Manage screensharing options. In Zoom, change screensharing to “Host Only" and adjust the file transfer settings. 

  • Ensure users are using the updated version of remote access/meeting applications. In January 2020, Zoom updated its software and added passwords by default for meetings and disabled the ability to randomly scan for meetings to join. 

  • Lastly, ensure that your organization’s telework policy or guide addresses requirements for physical and information security. 

Zoom also recommends that users avoid using their Personal Meeting ID (PMI) to host public events. Your PMI is basically one continuous meeting and you don’t want to grant random people the ability to access your virtual space during or even after the meeting is over. For this reason, you should generate a different meeting ID for every virtual meeting. An update to Zoom's security resources was posted in March for users to reference at their convenience.  

The FBI asks victims of teleconference hijacking, or any cyber-crime, to report it to the FBI’s Internet Crime Complaint Center.  

 

Disclaimer