Zoom Meetings – Safe and Official Use of the Platform

As organisations shift more and more to video conferencing with Zoom, hacking groups are looking for novel ways to break into organisational networks through the Zoom client.

Some of the ways hackers are exploiting systems are mentioned in this and this article.

You can ensure you’re not impacted by this by following these simple guidelines.

  1. Install the correct Zoom Client (not a malware-infused version) – ensure the website starts with https://zoom.us
    1. Hackers will sometimes try to imitate websites by using similar domains (such as https://zoom.us.org.au or https://zoom.us.videoconference.com/), so only use the official site.
    2. Avoid using Google search to download the Zoom client; instead, type the website address https://zoom.us directly into your address bar, or let it download automatically when you visit a Zoom video conference join link.
  2. Do not open any link in the Zoom chat window that starts with “\” – these links may be shared by both internal and external meeting participants, and may be malicious links that result in spyware or malware being installed on your computer, compromising the whole organisation’s system.
  3. Share these important points with people who you invite to meetings, so that we can help prevent other organisations’ and businesses’ networks from being compromised.
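
For IT staff who want to automate the domain check in guideline 1, the following is an added example (not from Zoom or the original article). It shows why comparing the parsed hostname is safer than checking what the address starts with. The function names, the sample URLs and the decision to accept subdomains of zoom.us are assumptions made for illustration.

```python
from urllib.parse import urlsplit

OFFICIAL_DOMAIN = "zoom.us"  # the only download site the guidance names


def naive_prefix_check(url: str) -> bool:
    """Weak check: only looks at how the address starts."""
    return url.startswith("https://" + OFFICIAL_DOMAIN)


def is_official_zoom_url(url: str) -> bool:
    """True only for https URLs whose host is zoom.us or a subdomain of it."""
    url = url.strip()
    # Browsers treat "\" like "/", Python does not: reject to avoid a mismatch.
    if "\\" in url or any(ch.isspace() for ch in url):
        return False
    try:
        parts = urlsplit(url)
        host = parts.hostname  # lowercased, without userinfo or port
        parts.port             # raises ValueError on a malformed port
    except ValueError:
        return False
    if parts.scheme != "https" or not host:
        return False
    host = host.rstrip(".")    # "zoom.us." is the same name as "zoom.us"
    # Assumption: subdomains of zoom.us (e.g. meeting join links) are official.
    return host == OFFICIAL_DOMAIN or host.endswith("." + OFFICIAL_DOMAIN)


if __name__ == "__main__":
    # Constructed sample URLs; the two lookalikes are the ones named above.
    samples = [
        "https://zoom.us/download",
        "https://us02web.zoom.us/j/0000000000",
        "https://zoom.us.org.au",
        "https://zoom.us.videoconference.com/",
        "https://zoom.us@example.com/",
        "http://zoom.us/",
    ]
    for url in samples:
        print(f"{url:45} prefix={naive_prefix_check(url)!s:5} "
              f"host={is_official_zoom_url(url)}")
```

Both lookalike domains pass the prefix check but fail the hostname check, because the real site is whatever comes last before the first "/", not whatever the address begins with.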

If you think you may have downloaded a suspicious version of Zoom, or you receive a link and you’re unsure whether it is safe, get in contact with your IT staff for guidance.

It’s likely that Microsoft or Zoom itself will release a patch for the “\” vulnerability in a week or two.

Further Reading

To understand what it looks like when you are about to be infected through a shared drive link, watch this video, or read this article.