cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Is this a scam? Zoom Desktop Client For Linux

symbalex
Listener

‎2022-10-11 08:56 PM

I recently received an email from *********** which said

 

As an admin or owner of an account with users using the Zoom Desktop Client for Linux, we are reaching out to notify you that we will be retiring the current key pair used to sign the Linux client on November 2, 2022. To avoid service interruption, we advise that you ask your users to download and trust the new public key. 

 

Please follow the instructions below to download the new GPG validation key by 11/2/22 to avoid service interruption.

 

[...] and then some instructions [...]

 

Is this a scam or is it legit? I haven't managed to find other info about this on the zoom website.

12 REPLIES 12

Fermentlife
Listener

‎2022-10-11 09:34 PM

Me too!
I would not want to do this procedure without confirming that it is not an attack attempt.
Please give us your confirmation.
Thank you.

sundarvenkata
Listener

‎2022-10-11 09:53 PM

I got the same email as well. Please confirm if this is safe.

Jeff924
Listener

‎2022-10-11 11:22 PM

I got the same message.  It is suspect because, well, I don't want to say why it is suspect because I don't want the bad guys to learn how I came to suspect them.

 

I would expect zoom to send a message, in flat ASCII or flat UNICODE, that said "If you use the linux zoom client, then please login to your account as you normally do.  We have a message for you that we want to send you through a known secure channel".

Zoom: are you listening?

 

Bort
Community Champion | Zoom Employee
Community Champion | Zoom Employee

‎2022-10-12 07:58 AM

Hi all, 

Yes, this is an authentic email from Zoom. Please take the necessary steps to update your Linux client to avoid service disruption. 

0 Likes

Jeff924
Listener
In response to Bort

‎2022-10-15 08:45 AM

Bort, ask your security people about sending keys - keys! - through HTTP and not HTTPS.  Also, ask them about using any URL other than from zoom.com or zoom.us or zoom. (country code).  Also, ask them about sending ANYTHING material through E-mail!  For all intents and purposes, E-mail should be considered dead with the exception of alerting the recipient that there is a message for them on a protected web server.  I'm sorry.  It was a wonderful idea 50 years ago, but now bad actors are so prolific that it's just useless.  Even if it was not bad actors, the signal-to-noise ratio is fast approaching zero.  Yesterday, I counted.  Of the 283 E-mails,  only 3 were actually useful to me.

0 Likes

John_Z
Listener

‎2022-10-12 08:39 AM

Thanks for the reply.

Can we get some instructions that are much clearer?  The email makes little sense to me.

 

Thanks.

0 Likes

Bort
Community Champion | Zoom Employee
Community Champion | Zoom Employee
In response to John_Z

‎2022-10-12 09:09 AM

Yes, we're working on it. We'll have a more detailed support article available soon. 

0 Likes

japril
Listener

‎2022-10-12 11:06 AM

I imported the key into a gpg keyring just to check it out and it's from 2015 .. do you guys realize that?  Seems like an old key and not a new one.

Preview file
33 KB

PK
Attendee | Zoom Employee
Attendee | Zoom Employee

‎2022-10-12 12:53 PM

Hello @symbalex and everyone! I have an update for you:

Here's a support article regarding the email you received: https://support.zoom.us/hc/en-us/articles/9836712961165. In short, Zoom IS retiring the current key pair used to sign the Zoom desktop client for Linux. Based on some feedback, users were unable to download the new public key. Zoom is working to resolve this issue and will share details as we have them. No customer action is required at this time.

When we have additional instructions, we will update the support article.

 

If this helped, please mark this reply as a solution so others can see this message as well. Thank you!

sob
Listener
In response to PK

‎2022-10-13 06:15 AM

You may want to think about letting people know about this in the same way the change was announced, i.e. by e-mail! I had to go hunting to find this info.

0 Likes

PK
Attendee | Zoom Employee
Attendee | Zoom Employee
In response to sob

‎2022-10-13 08:13 AM

I agreethe team is working on it!

0 Likes

Rick-Pony
Listener
In response to PK

‎2022-10-19 12:48 AM

Yes, we have the same issue. After import the pub file, it's still the old key pair end with ****C71D.

So any update for this? When should we download the new public key?

0 Likes