By BECKY RUTHERFORD
Los Alamos
With COVID-19 still running rampant across the world, more people than ever are using Zoom and other virtual teleconference tools to connect with loved ones. Before you plan that Zoom holiday party (ugly sweaters and virtual cookie exchanges!), make sure you understand the risks and set up your meeting securely.
During the busy holidays, the last thing you need is to be a victim of “Zoom-bombing” or a Zoom-themed phishing scam.
When setting up a Zoom meeting for your family, make sure you are setting it up securely. If you don’t lock down the security settings, you might become a victim of “Zoom-bombing”, where an uninvited guest breaks into your meeting and might even take over.
In most cases where this happens, the victims are forced to watch as their meeting is hijacked, and inappropriate material (gramma probably doesn’t need to see hardcore porn) is displayed.
There are a few things you can do to make your meetings more secure:
- Use the “Waiting Room” feature. This will let you preview guests before allowing them into the meeting. If this feature is on, you can also remove guests, which might come in handy if your drunk uncle gets too rowdy.
- Be careful where you post the meeting link. Send it out privately to the friends and family you want to invite; don’t just post it publicly on your Facebook page.
- Don’t use your personal meeting ID for public meetings; use a randomly generated meeting ID instead.
- Require a passcode to join the meeting.
- Once all attendees have arrived, you can lock the meeting.
For more tips, check out Zoom’s detailed info on how to secure meetings here: https://zoom.us/docs/doc/Securing%20Your%20Zoom%20Meetings.pdf
Another big thing to watch out for: Zoom-themed phishing emails. We saw an increase in Zoom-themed attacks around Thanksgiving, and cybersecurity experts are expecting another surge for the Christmas and New Year’s holidays.
The latest scam looks like it is from Zoom and uses their logo to add to its legitimacy. This scam is sent via text, email, or social media and claims that your Zoom account has been “suspended”. Conveniently, it can be reactivated by clicking on an included web link. Do not click the link – it will either take you to a site where your Zoom credentials will be stolen or possibly download malware onto your machine. Not so merry! Your Zoom account will never be “suspended”, and these emails do not come from Zoom. Like most phishing scams, this one attempts to use a sense of urgency to get you to click the link.
According to CheckPoint Security, since April of this year, 16,004 Zoom-themed domains have been registered. It can be tricky to tell the real domains from the fake ones. Zoom’s primary domains are “zoom.us” or “zoom.com”. If you get an email with a domain like “zoommeetings.info” or any other odd variation, it’s a fake.
To avoid falling for this scam, follow these simple tips:
- Always check to see that the message is coming from one of Zoom’s legitimate domains, “zoom.com” and “zoom.us”.
- Avoid clicking on links sent to you by strangers.
- If you are worried that your account has issues, you can reach out to Zoom directly via the company website: https://zoom.us/
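The domain check from the tips above, as an added Python example (not part of the original column): it accepts only zoom.us, zoom.com and their subdomains, and rejects lookalikes that merely contain those names. The sample links and the From header are constructed; only zoommeetings.info comes from the column.

```python
from email.utils import parseaddr
from urllib.parse import urlsplit

# The two domains the column names as Zoom's own.
ZOOM_DOMAINS = ("zoom.us", "zoom.com")

def is_zoom_host(host):
    """True only for zoom.us / zoom.com or a subdomain of one of them."""
    if not host:
        return False
    host = host.rstrip(".").lower()
    # Match on a label boundary: "notzoom.us" and "zoom.us.evil.example" must fail.
    return any(host == d or host.endswith("." + d) for d in ZOOM_DOMAINS)

def link_is_zoom(url):
    """Check the host a link really points to, not the text it displays."""
    if "://" not in url:
        url = "//" + url  # let urlsplit parse scheme-less text as a host
    try:
        host = urlsplit(url).hostname  # ignores any "user@" prefix and the port
    except ValueError:
        return False
    return is_zoom_host(host)

def sender_is_zoom(from_header):
    """Check the domain of the address inside a From: header."""
    _name, address = parseaddr(from_header)
    return "@" in address and is_zoom_host(address.rpartition("@")[2])

# Constructed samples; only zoommeetings.info comes from the column.
SAMPLES = [
    "https://us02web.zoom.us/j/0000000000",
    "https://zoommeetings.info/reactivate",
    "https://zoom.us.account-check.example/login",
    "https://zoom.us@zoommeetings.info/login",
    "notzoom.us/suspended",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print("zoom" if link_is_zoom(link) else "FAKE", link)
    print(sender_is_zoom('"Zoom" <no-reply@zoom.us.mail-alerts.example>'))
```

A From address can be forged, so a passing sender check is weaker evidence than a passing link check.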
You can report phishing emails to the U.S. Anti-Phishing Working Group at phishing-report@us-cert.gov
It’s awesome that we have ways to be together, even when we’re apart; just make sure that you are using them securely. Have a safe and happy holiday!
Editor’s note: Becky Rutherford works in information technology at Los Alamos National Laboratory.