Tips to avoid Zoombombing and scams

April 24, 2020

Dear Cornell Community,

With the university’s transition to online instruction and remote work, it is crucial that each of us understands how to safeguard our teaching, learning and work. This awareness includes taking appropriate security steps to prevent online attacks like Zoombombing, and to recognize fraudulent emails, calls and other financial scams designed to prey on our fears during this stressful period.

Guarding Against Online Scams

Fraudulent (phishing) emails are designed by malicious users to trick you into believing the sender is someone you know or can trust. The email may be forged to look like it came from a Cornell address, and links within messages may unexpectedly direct you to malware sites. Learn how to spot fraudulent emails.

Scammers are also taking advantage of fears surrounding COVID-19 with fake sites promoting products that allegedly prevent or treat the virus, by seeking donations, or offering student-oriented jobs or internships. CIT has advice on how to watch out for coronavirus scams.

Preventing Zoombombing

When you’re organizing a Zoom session, it’s important to take steps to prevent unwanted attendees and unwanted behavior, otherwise known as “Zoombombing.” Options include setting passwords, limiting who can enter your meeting, restricting what attendees can do during the meeting and not publishing meeting links on websites or social media. Learn how to keep Zoom meetings private and reduce the odds of Zoombombing.

We have developed guidelines to help you keep different types of meetings more secure.

Cornell and external participants, open forum, publicly promoted

• Use a Zoom Webinar and not a Zoom Meeting. (See Request Webinar.)

Cornell-only participants, open forum

• Set a password. Only share the password with those who are invited to attend.
• Use the Only Authenticated Users option, choosing Cornell Users.

Cornell-only participants with all participants known to you

• Set a password. Only share the password with those who are invited to attend.
• Use the Only Authenticated Users option, choosing Cornell Users.
• Do not post the meeting link on websites or social media.

Cornell and external participants with all participants known to you

• Set a password. Only share the password with those who are invited to attend.
• Use the Only Authenticated Users option, choosing Sign in to Zoom..
• Do not post the meeting link on websites or social media.

If you need additional guidance, the IT Service Desk can help you decide the best way to protect your meetings. To report abuse on Zoom, contact Zoom Security. Zoombombing is harassment of Cornell community members, and Zoom sessions may include those who are underage.

Keeping Yourself and Cornell Safe

These are difficult times for everyone, and we acknowledge that it can be challenging to keep track of the policies and technologies that we now use to teach classes, meet with colleagues or conduct outreach. However, by taking these steps, you can help keep our community safe and secure online as we work through this unprecedented situation.

Sincerely,

Michael Kotlikoff
Provost

David Lifka
Vice President for Information Technology and Chief Information Officer