UAE Cybersecurity Council warns of virtual meeting scams

Abu Dhabi: The UAE Cybersecurity Council has warned of scammers infiltrating virtual meetings due to weak security measures, cautioning that sensitive data exchanged during such sessions could be stolen.

The Council stressed: “Every unprotected link is an open invitation for fraudsters to infiltrate your virtual meeting and steal sensitive files and data without being noticed.”

It urged organisations to secure meetings by activating waiting rooms, enabling password protection, verifying participant names before granting access, and approving entries manually.

The warning highlighted that private meetings can be compromised through public links, giving fraudsters the chance to listen in and record conversations. It advised sharing links carefully and using strong safeguards for confidential sessions.

The Council also noted that reusing meeting links allows unauthorised entry, stressing the need for new links and passwords each time.

Breach attempts on the rise

The Council said such breaches became common during the digital shift triggered by COVID-19 but declined as awareness improved. However, hacking attempts targeting both public- and private-sector meetings still occur, often due to shared invites or repeated meeting IDs.

It warned that the impact of a breach depends on the type of meeting, its importance, and the nature of shared files.

Preventive measures

The Council cautioned that incorrect email addresses or compromised inboxes could send invites to unintended recipients. Risks escalate if invites grant “host” or “moderator” privileges, allowing intruders to control sessions.

It advised reviewing participant lists carefully and pre-setting permissions to limit screen sharing, microphones, and cameras.

Pranksters, it said, often use brute-force tools with weak or absent passwords, underscoring the importance of waiting rooms and strong credentials.

Security recommendations

The Council urged organisers to:

• Always generate random meeting IDs.

• Use strong, unique passwords.

• Activate waiting rooms for private meetings.

• Restrict access to verified accounts for official sessions.

It also highlighted risks of unverified apps, stressing that some may record calls or activate cameras. Users should download apps only from official stores, enable two-factor authentication, and review permissions closely.