How to Help Prevent and Address Zoom Bombings

Over time, some FA videoconference meetings have experienced Zoom bombings. A Zoom bombing is when bad actors enter a meeting misrepresenting themselves as members in order to disrupt the meeting with profanity and other disturbing actions, words, or imagery, including that of a sexual nature.

Here is a list of simple things you need to do to help prevent and address Zoom bombing at your meeting. 

Prevention:

• First and foremost, never post the link and/or passcode to your meeting anywhere online outside of the FA website. Doing so has likely been the cause of a majority of the Zoom bombing we have experienced in FA.

• Be sure to have at least 3-5 tech-savvy committed members of your meeting in the positions of Host, Screen Sharer, and additional Tech Support (if needed). For the wellbeing and safety of our videoconference meetings and FA as a whole, it is critical to have ample people in place who meet the requirements and can carry out the responsibilities of these videoconference meeting service positions listed here in Document 7.

  • If you do not have enough tech-savvy people to rotate these positions regularly, in order to keep your members and FA as a whole as safe as possible, your group may need to consider closing your meeting or merging with another meeting that has ample skilled members in place. 

• Zoom Account Holder and/or Host should implement these step-by-step instructions (with helpful visual cues/screenshots) to make sure your meeting settings at the account level have all the necessary security measures in place.

The following instructions for Zoom bombing prevention are covered in the step-by-step instructions above, but here is a short list of the necessary actions your meeting needs to take:

• The Host and/or main Zoom Account Holder should disable screen sharing by “all participants” at the root/account level so that Zoom bombers cannot take over the screen. Only Hosts and Co-hosts should be able to share screen.

• The Host and/or main Zoom Account Holder should disable whiteboard access at the root/account level so that Zoom bombers cannot take over the screen. Whiteboards are not relevant to FA meetings and should not be enabled.

• The Host and/or main Zoom Account Holder should turn off the setting that allows participants to annotate on the screen. Annotating on screen is not relevant to FA meetings and should not be enabled.

• If your meeting has been bombed, to prevent further bombings, immediately change the link and passcode to your meeting and update your listing on the FA website. 

  • It is an important best practice to always have a current contact list of your committed members so that your meeting Host or Secretary can easily and immediately inform everyone of the new link and passcode.

• To help prevent further Zoom bombings, it is important that you report any incidents to Zoom directly if you have been bombed.

• When you rotate service positions twice annually, it is a best practice to have your Zoom meeting account holder change your videoconference link and passcode, and have your meeting’s Secretary submit the meeting change request on the FA website here.

Addressing:

• Meeting Hosts should: 

  • Your meeting Host and any additional Tech Support for your meeting should be well-versed in the step-by-step measures found here (with helpful screenshots) to combat Zoom bombing in real time.

• The following instructions for addressing Zoom bombing as it is happening are covered in the step-by-step instructions above, but here is a short list of the necessary actions your meeting Host needs to take:

  • Immediately suspend participant activities and report bombers to Zoom.

  • Disable screen sharing so Zoom bombers cannot display any images — but see above. Disabling of this feature for “all participants” should have already happened at the account level so that just Hosts/Co-hosts have control of the screen.

  • Disable the whiteboard so Zoom bombers cannot display or draw any images — but see above. Disabling of this feature for “all participants” should have already happened at the account level so that just Hosts/Co-hosts have control of the screen. 

  • Uncheck the Zoom feature that allows "all participants" to unmute themselves. 

    • Members will then need to be unmuted/muted by your meeting Host/Co-host “manually.”

  • Uncheck the Zoom feature that allows “all participants” to start their video so that Zoom bombers cannot turn their own cameras back on.

  • Turn on the waiting room feature in order to ask people to identify themselves prior to entering the meeting. 

• Meeting Hosts/additional Tech Support (if applicable) should:

  • Turn off the Chat feature so that Zoom bombers cannot write anything in the chat.

  • Disable personal picture for participants.

• If all else fails, the meeting Host can end the meeting for all.

After a Zoom bombing:

• At your next meeting following a Zoom bombing, if you have changed the link and passcode to your meeting and instituted the account-level settings linked above under the “Prevention” section, you should not have to take any other measures to ensure the safety of your meeting and its members. 

  • PLEASE NOTE: While waiting rooms used to be a deterrent, they are no longer effective against Zoom bombers. Zoom bombers frequently pretend to be members to gain access. Therefore, using the waiting room feature ongoing is not appropriate for our welcoming “open door” program of FA.  All waiting rooms do at this point is run the risk of turning legitimate newcomers away from our solution.

• Most importantly, take care of yourselves and your meeting members. Zoom bombings can be triggering and traumatizing to some. Seek support and see after your mental health.

• Here are additional links directly from Zoom that could help:

  • Security Settings

  • Hosting Meetings

  • How to Keep the Party Crashers from Crashing Your Zoom Event

  • Best Practices for Securing Your Virtual Classroom

  • Getting started with Zoom security and privacy

  • Report an incident

  • Reporting inappropriate behavior