Well, I hate to say it but something truly bizarre happened to me on a Zoom meeting I was running for Herren Project. With COVID-19 leaving companies and organizations across the globe no other option than to have personnel work from home, many are relying on virtual meeting apps (Zoom being one of the most popular) to conduct business. Moreover, this pandemic has left those in recovery to turn to virtual, online recovery meetings – an important form of support for those who have been impacted by substance use disorder. Unfortunately, this pandemic has also left some people to get creative in the ways they amuse themselves, including “Zoom-bombing”. Much like a photobomb, Zoom-bombing is a growing trend where strangers will spam random numbers within the Zoom app hoping to drop in on unsuspecting meeting groups. I had never considered that this is something that people would do, so I never put much thought into our Zoom settings which were set to a level that made it easy for meetings to be overrun by spammers. You can imagine my shock when a meeting I was running started to be joined by unfamiliar faces. I was baffled, but did my best to remove the uninvited guests, only to be met by more dropping in by the minute. I couldn’t keep up with the onslaught of Zoom-bombers so I decided to end the meeting with the promise that I would look for a solution to prevent this type of bombardment from happening again and ensure that we could provide a safe and supportive online meeting environment for our attendees.

We have been using Zoom for almost five years at Herren Project, so I am familiar enough with the application that it didn’t take me long to dive in and figure out how to prevent this unfortunate exploit.

I’d like to share with you the steps I took, but I should note a couple of things about regarding Zoom. First, we are on a paid version of Zoom so I am not sure if this will be effective for a free host account. Given the recent acceleration of Zoom-bombing, I would recommend that groups purchase a license and share the login information. This will ensure safety and sanity for all involved. Secondly, I did think about requiring a password to join a meeting, but this would still have to be publicly available and thus accessible to spammers. That being said, the steps detailed below are the settings that should be implemented to ensure a private, spammer-free meeting without requiring a public password.



This can be done in your account when you create or edit a meeting and needs to be done prior to starting the meeting. This will give a host or co-host the ability to grant individual admission to participants into the meeting and allow you to block a suspicious account from ever entering the meeting. Most of the spammers I encountered did not use their real name or had an inappropriate screen name so it should be easy to spot an uninvited guest. To access this during the meeting, click on participants – the top portion will show people waiting to be admitted and those who already have admission.

The next steps need to be done as soon as the meeting starts. I strongly suggest that the host join the meeting a little early to ensure the following settings are implemented.



This can be done in the settings of your account. It is listed under in meeting (basic). This will prevent anyone but the host from sharing their screen.


When you enter the meeting click on chat. The bottom left hand side will have three little dots. Click on that and choose all chat with host only. This will prevent participants from messaging anyone but the host. If a spammer happens to get in and writes an inappropriate message,it will only be able to be seen by the host.

The next steps can be done in the same settings group. Inside the meeting go to participants and then about half way down on the left side of the screen you will see more, click on that and make sure the all the options are unchecked.



Something I really enjoy is the interactions that are had between participants while we are waiting for a meeting to start. If you are sure no Zoom-bombers are in the meeting, you can unmute all and allow these pre-meeting interactions to take place, though it is totally up to you. You can always quickly mute all if needed.



This is the number one weapon of zoom bombers. They come in and unmute themselves and have at it. Disallowing participants to unmute themselves will shut down their ability to say anything.

If you forgot to do this, you can always lock meeting if a Zoom-bomber finds their way into your meeting. This can be accessed in the in meeting controls under participants. It will prevent anyone new from entering the meeting and it will allow you to remove the spammers and then move forward with the meeting.

I hope this helps! It has worked for us and has allowed us to have safe meetings for all.

Kevin Mikolazyk
Executive Director