JAYMAN¹

Clicking Launch downloaded the Zoom exe But that didn't make sense since Zoom is installed. This could happen perhaps if the local Zoom is outdated, but it was suspicious enough to start checking things. - Checking the URL was an instant fire alarm - https://t.co/1txVmQtO8o (Real one is https://t.co/YskcoZnxB3) Running it by a URL reputation checker shows it can't be a legit Zoom URL. - Going back to the video pic, googling their names showed they are GitLab employees🤨 - Connecting to the meeting ID through the Zoom client fails. At that point I stopped comms with the scammer, but this was a whole lot closer than it should have been. Scammers are becoming more sophisticated now and Web3 sec bros are a prime target for social engineering: - Mostly on-chain payment of serious cash - Access to zero days during disclosure periods - Access to sensitive private repos Here they went for the maximum pressure play by making it seem like everyone is waiting to start the call. The conf call link is also an unusual vector, and the link to a legit looking project lowered my defenses somewhat. They also popped a redirect to the real Zoom website after pressing the download button, quite sneaky. Takeaways: - Don't accept powerful/complex file formats from clients (.exe, python packages, .zips etc) - Sensitive files, wallets etc should probably not be on the day-to-day device - Be on the lookout for more advanced social engineering vectors. Assume the next one is only going to be harder to spot.