In 2025, remote meetings have become the default for business, finance, and crypto collaboration. But as convenience rises, so do targeted scams—many of which look like everyday video calls.

One of the most dangerous threats today is a scam campaign known as Elusive Comet, which uses fake Zoom meetings to trick professionals into giving remote access to their devices. The result? Stolen assets, compromised accounts, and total digital collapse.

Here’s what you need to know—and how to protect yourself and your team.

What Is the Elusive Comet Scam?

Elusive Comet is a social engineering campaign that targets professionals—especially in crypto and finance—by impersonating journalists, investors, or podcast hosts. The attacker sends a fake Zoom invitation, often using a Calendly link or Gmail account, and convinces the victim to:

• Share their screen

• Grant remote control access

• Leave wallets, passwords, or documents visible

Once access is granted, the attacker moves fast—browsing files, draining wallets, and sometimes planting persistent malware.

Real Cases: From Interview to Catastrophe

• Jake Gallen, a crypto investor, accepted what he believed was a Zoom interview. Within minutes of granting remote access, attackers installed malware, accessed his crypto wallets, and stole the majority of his holdings.

• Dan Guido, CEO of Trail of Bits, received a similar invitation but identified red flags before accepting—saving him from a likely breach.
  

These examples show how normal business behavior can become a security risk when trust is exploited.

Why Screen Sharing = Attack Surface

The Zoom feature that makes collaboration easy—remote control—is also what gives attackers an open door. Once granted, they can:

• Navigate your computer as if they were sitting in front of it

• Access browser-stored credentials

• Export seed phrases, wallet apps, and 2FA tools

• Inject malware or spyware for later re-entry

Most users never suspect it—until it’s too late.

How to Stay EXTRA SAFE (Without Adding Friction)

Follow these security practices for any remote meeting:

• 1.

  Never accept remote control requests unless independently verified.

• 2.

  Close wallets, password managers, and sensitive apps before screen sharing.

• 3.

  Use screen sharing in window-only mode—not full desktop.

• 4.

  Confirm meeting invites via trusted channels before joining.

• 5.

  Avoid unexpected Zoom links—host sensitive meetings in platforms like EXTRA SAFE.

EXTRA SAFE: Built to Block These Attacks by Design

Unlike Zoom or Google Meet, EXTRA SAFE has no remote access, no screen sharing by default, and no user metadata. Each meeting is:

• End-to-end encrypted (contacts and session protection), voice and video streams transmitted with WebRTC technology.

• Peer-to-peer (no central server handling your data)

• Accessed via custom link or private EXTRA SAFE ID

• Destroyed after the session ends

Encryption keys are generated locally on your device and never leave it. No servers ever process your private data.

If you’re running a high-risk operation, or just want to stop trusting blind invites—EXTRA SAFE gives you the default-deny posture by default.

Final Thought

Remote work isn’t going away—but blind trust needs to. Privacy-first communication tools are no longer optional. They’re your first line of defense.