cancel
Showing results for 
Search instead for 
Did you mean: 

Event Notices Sent Out in Error

pfmarotto
Explorer
Explorer

We just had a unique issue come up that I wanted to share with everyone.

A learner reached out to one of our trainers to as if the remote class was in fact cancelled.
The trainer said that class was not cancelled and was informed that the learner had received an email that it was. The learner forwarded a screen shot of the email to the trainer, at their request.

Sure enough, the meeting ID number matched the upcoming webinar.

I was informed of this issue by the trainer and received the forwarded screen shot.
About 10 minutes later the trainer called me back and confirmed that the email listed as the sender was one of the people scheduled to attend today's class. The trainer and I were on the same page, as I was about to check the sender off of scheduled attendees before he called to confirm that this potential security breach was a false alarm.

The attendee that sent the email to all the other learners was attempting to email the trainer to confirm the class was still taking place and does not understand how this went out as an event cancellation either.

Could this have been someone randomizing meeting ID numbers to disrupt upcoming meetings, webinars, and remote classes? Sure. It's a buck shot approach, but then it is the easiest method of hacking and disruption out there.
Could this have been a disgruntled learner? Absolutely (for those questioning this one, one school I taught at used to get fake bomb threats in adult education from students angry about their test scores.)

So, why post this?

Well, for starters some of you may be new to Zoom and are on the community page to learn all you can. I hope this helps you in your self-study.

Second, if you are a Zoom Admin. you may get all manner of question from your users. Now you have one more possible answer for a user’s question, no need to reinvent the wheel, so your solution may be a bit easier.

Third, to reemphasize the point that as much as we are happy the issue was a simple mistake, security incidents do happen, and we must be willing to explore those possibilities. Security incidents are a matter of when, not if. Initially this was a security issue, and until proven otherwise I was going to do some reading to determine if this was a new malicious trend. Being a security professional, as well as educator and Zoom Admin., there is no shame in exploring this route, nor is there anything but relief when an issue turns out to be a false alarm. (We in security actually like false alarms.)

As stated earlier, I hope this helps some people who may come across a similar issue. Fingers crossed your issue is also a false alarm.

 

 

 

 

1 ACCEPTED SOLUTION

RN
Community Moderator | Employee
Community Moderator | Employee

Hey @pfmarotto, super interesting security concern as we take the privacy of Zoom Meetings very seriously. I'd advise you to submit a report to our trust team by completing the webform at https://zoom.us/trust-form. Looking at the email you've received I would double-check with the host and their email, as well as the email being legit from the sender.

 

It's possible another external user guessed the number or there was another ID that is similar they are miss typing or others are clicking on an old email that has the join URL. You may change your Meeting ID if this is concerning for you, otherwise, you will just need to remove join before host (prevent users from actually joining the meeting), which users are most likely to miss entering a meeting ID.

⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯
Zoom Community Moderator
he/him/his

Have you heard about Zoom AI Companion? ➡️ Check it out!

View solution in original post

1 REPLY 1

RN
Community Moderator | Employee
Community Moderator | Employee

Hey @pfmarotto, super interesting security concern as we take the privacy of Zoom Meetings very seriously. I'd advise you to submit a report to our trust team by completing the webform at https://zoom.us/trust-form. Looking at the email you've received I would double-check with the host and their email, as well as the email being legit from the sender.

 

It's possible another external user guessed the number or there was another ID that is similar they are miss typing or others are clicking on an old email that has the join URL. You may change your Meeting ID if this is concerning for you, otherwise, you will just need to remove join before host (prevent users from actually joining the meeting), which users are most likely to miss entering a meeting ID.

⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯
Zoom Community Moderator
he/him/his

Have you heard about Zoom AI Companion? ➡️ Check it out!