University of Auckland logo

Stay informed

Receive updates on teaching and learning initiatives and events.

  1. Home
    2.  — 
  2. Announcements
    3.  — Zoom bombing: How to avoid unwanted guests

Zoom bombing: How to avoid unwanted guests

19 July 2023
Photo by Gustavo Fring on Pexels
Learn about the Zoom settings that help to make your meetings secure.

Zoom bombing is an unwanted person joining your meeting, eavesdropping or causing mischief, like posting obnoxious material to the screen or in the chat. It can occur if the meeting link was forwarded to others or posted on social media or a public website, and if your Zoom security settings are inadequate.

Zoom includes features to make your meeting secure but first we’ll talk about what to do if you are caught out.

A person wearing a hood using a laptop
Photo by Azamat E on Unsplash

What can you do during a Zoom bombing incident?

Meeting hosts and co-hosts have the ability to take the following action.

Suspend participant activities

Stop all users from chatting, sharing their screen, using the whiteboard etc. It will also lock the meeting so that new users cannot join. This is available from the meeting Security button on the Zoom toolbar. You will be given the option to report the incident to Zoom support – they may be able to assist in further investigation and take appropriate action.

Zoom security setting: Suspend participant activity

Zoom toolbar with the security icon highlighted. The security option to Suspend participant activity is circled.

Remove the user

Rather than fumbling around in Zoom, trying to take down the unwanted material, find the unwanted user and remove them.

  1. From Zoom, open the Participants panel.
  2. Look for the user’s name (or screen name).
  3. Click the three dots next to their name and choose ‘Remove’.

As the meeting is now locked, they will be unable to re-join your meeting.

Zoom participants' panel showing remove user option

Zoom toolbar with participants icon highlighted. A panel showing all meeting participants is displayed with a remove user option next to someone’s name.

Resume the meeting

Once you have controlled the situation and the miscreant has gone, re-enable the security measures that you are comfortable with, like Enable participants to: Chat, Unmute themselves, and Start video.

Zoom security settings

Zoom toolbar with the Security icon highlighted. Participants security settings that are enabled are: chat, unmute themselves, and start video.

At this point, screen sharing will be disabled for everyone except hosts and co-hosts. If you have a guest presenter wanting to share their screen, make them a co-host by clicking the three dots next to their name in the Participants panel.

Schedule secure meetings

Note: We recommend using using the web browser version of the Zoom scheduler rather than the App version, especially if your meeting will have external presenters/guests. A setting to allow exceptions for externals is missing from the App.

Go to: https://auckland.zoom.us/meeting/

Scenario one: Your Zoom meeting is for UoA participants and (optionally) known external presenters/guests

Follow these steps if your meeting is for UoA staff and/or students and known externals.

From https://auckland.zoom.us/meeting/, click Schedule a Meeting.

Schedule a Meeting button

Avoid using your Personal Meeting ID (PMI) for links to advertised/public meetings. Generate a unique meeting ID for each session or recurring series of meetings.

Zoom meeting ID settings

Select Require authentication to join then select University of Auckland from the dropdown menu. Users who are not signed into Zoom with their University credentials (or granted an authentication exception) will be unable to join.

Zoom settings: Require authenticated users

Optional: External presenters or guests (authentication exception)

If you expect someone from outside of the organisation, click Add Authentication Exception.

Zoom settings: Add exception

Add their name and email address and click Save.

Zoom settings: Add external presenter name and email

Click Add Participant as many times as you need.

Alternative hosts / co-hosts

If you know in advance who will be co-presenting with you (to enable screen-sharing etc.) make them an alternative host. Click Show for Advanced options.

Zoom settings: Show extra options button

Type their name into the Alternative Hosts field to select your colleague. You cannot add externals from here but you can add them as alternative hosts once the meeting has started by clicking the three dots next to their name in the Participants panel.

Zoom scheduler: Alternative hosts

Scenario two: If your Zoom meeting is open to external participants, use a Waiting Room to control access

Follow these steps when you expect external participants and when it is not practical to arrange authentication exceptions for them in advance.

When scheduling the meeting, select Require authentication to join then select Sign in to Zoom from the dropdown menu. Users who are not signed into Zoom will be unable to join.

Zoom settings: Require authenticated users and Waiting Room

Enable the Waiting Room. This allows you to vet external participants before granting them access. The Waiting Room requires a host or co-host to let people join a meeting in progress via the Participants panel. Although participants can choose any ‘screen name’ they like, this step reduces the likelihood of undesirables ‘bombing’ your meeting; you can let people in who you recognise.

Set up your alternative hosts as usual (see the instruction for scenario one).

Zoom scheduler: Advanced settings

 If during the meeting you want an external participant to screen-share, you can assign them as an alternative host by clicking the three dots next to their name in the Participants panel.

Allow UoA participants to bypass the Waiting Room

Add a trusted domain to reduce the number of people that you have to manage via the Waiting Room. For University of Auckland staff or students to join the meeting automatically:

  1. Go to your general Zoom settings:
  2. Under Waiting Room options, click Edit Options

Zoom settings Waiting Room

  1. Under Who should go in the Waiting Room, choose Users who are not in your account and not part of your whitelisted domains.
  2. Then, add *.auckland.zoom.us as a whitelisted domain.

Zoom settings waiting room

General tips

Avoid sharing Zoom meeting links on public platforms or social media. Instead, send meeting invitations directly to trusted individuals via email or other secure communication channels.

During meetings (if practical), once all the intended participants have joined, lock the meeting to prevent any further entry. This option can be found in the Security button in Zoom.

Regularly update your Zoom application to the latest version. New updates often include security enhancements and bug fixes that strengthens your protection against potential vulnerabilities. Do this by checking for updates via the drop-down under your profile picture.

Zoom options: Check for updates

Depending on your meeting requirements, familiarise yourself with Zoom’s security features, such as disabling file transfers, chat functions, or private messaging. We have provided additional instructions on changing your security settings within Zoom.

Avoid clicking on suspicious links or downloading attachments from unverified sources, as they may contain malware or phishing attempts that compromise your security.

It is important to be proactive and implement security measures to reduce the risk of Zoom bombing. In the event of an intrusion, swift action will help mitigate the disruption and restore a secure virtual meeting environment. Prevention is key.

Page updated 21/01/2025 (improved security instructions to be consistent with improvements to Zoom)

Send us your feedback

What do you think about this page? Is there something missing? For enquiries unrelated to this content, please visit the Staff Service Centre

This form is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.