Scammers Are Posing as Crypto Journalists to Dupe People With Calendly Links on X
In the rapidly evolving landscape of cryptocurrency, scammers are employing increasingly sophisticated tactics to exploit unsuspecting victims. Recent reports from blockchain security firm SlowMist highlight a concerning trend where malicious actors are leveraging the trust associated with journalism to target the crypto community on the platform X, per Crypto News. According to a post on X by SlowMist, scammers are posing as crypto journalists to deceive Chinese-speaking victims. The perpetrators initiate contact through direct messages, sharing seemingly legitimate Calendly bot links for scheduling interviews. However, these links are cleverly designed clones that, once authorized by the victim, grant control of their X account to the scammers.
🚨SlowMist Security Alert🚨
— SlowMist (@SlowMist_Team) January 8, 2024
Recently, victims have been phished by people pretending to be journalists. The scammer often spoke broken Chinese and sends a normal-looking Calendly link. However, upon clicking, the link’s name changes to “Calendly.”, with an additional dot. This… https://t.co/PN3sANKknH pic.twitter.com/Sy7WNNGTJv
How do these scams unfold?
While the full scale of the attack is yet to be determined, SlowMist emphasizes that scammers often communicate in broken Chinese, indicating a targeted approach towards Chinese-speaking crypto influencers. One X user, @0xcryptowizard has connected the cyber criminals behind this scheme to the notorious crypto hacking group known as Pink Drainer.
The implications of falling victim to this scam are severe. With control over the compromised account, scammers can distribute phishing links through the victim's posts, potentially leading to further unauthorized access and the theft of sensitive information. To protect themselves, SlowMist advises X users to be vigilant and promptly delete any suspicious applications or sessions from their settings. Taking swift action to remove unauthorized access can mitigate the risk of falling prey to such scams.
These crypto scams are not new
Unfortunately, this is not the first instance of scammers exploiting the guise of journalism within the crypto space. In November 2023, SlowMist exposed a sophisticated phishing attack on the crypto startup Friend.tech. In that case, fraudsters employed fake interviews and malicious scripts to target users, emphasizing the need for constant vigilance within the crypto community.
Similarly, in the same month, an unidentified con artist took on the persona of a Forbes journalist to approach holders of Bored Ape Yacht Club non-fungible tokens (NFTs). The scammers sought to extract information from NFT holders under the pretext of documenting their experiences with the popular collection. Multiple call links were set up, and screens were recorded using a separate bot, as revealed by a victim.
How to be safe from these scams
These incidents underscore the importance of verifying the legitimacy of communication, especially when dealing with requests for personal information or authorization. Users should exercise caution and conduct due diligence before clicking on any links or granting permissions, even if the source appears to be a reputable journalist or media outlet.
The crypto community must remain vigilant and educate itself on the evolving tactics employed by scammers. Security experts recommend staying informed about potential threats and regularly updating security settings to fortify defenses against such malicious activities. By fostering a culture of cybersecurity awareness, users can collectively contribute to safeguarding the integrity of the crypto space.