Scammers impersonate crypto journalists with malicious Calendly links on X
Security experts issue warnings as malicious actors distribute fake Calendly bot clones on X, posing as crypto journalists.
According to an X post from blockchain security firm SlowMist, con artists are targeting Chinese-speaking victims by pretending to be crypto journalists. The scammers send direct messages, including links that mimic the appearance of a legit Calendly bot, for scheduling interviews.
🚨SlowMist Security Alert🚨
Recently, victims have been phished by people pretending to be journalists. The scammer often spoke broken Chinese and sends a normal-looking Calendly link. However, upon clicking, the link’s name changes to “Calendly.”, with an additional dot. This… https://t.co/PN3sANKknH pic.twitter.com/Sy7WNNGTJv
— SlowMist (@SlowMist_Team) January 8, 2024
However, once a victim grants authorization to the fake clone of the bot, they unwittingly give control of their X account, providing scammers with the ability to distribute phishing links through their posts.
Although the scale of the scam attack remains unclear, SlowMist notes that the scammers often communicate in broken Chinese and focus their efforts on crypto influencers. According to user @0xcryptowizard on X, the cyber criminals are linked to the crypto hacking group known as Pink Drainer.
You might also like: X users at risk as crypto scammers exploit new design flaw
If you think your X account is at risk, delete any suspicious applications or sessions asap in👇 “Settings->Security and account access->Apps and sessions”. pic.twitter.com/N8xK2vUPe4
— SlowMist (@SlowMist_Team) January 8, 2024
SlowMist has urged users to delete any suspicious applications or sessions in their X settings to mitigate the risk of unauthorized access.
This is not the first time scammers are impersonating journalists in a bid to exploit victims and pilfer private data and cryptocurrencies. In November 2023, crypto.news reported about SlowMist’s revelation of a sophisticated phishing attack on the crypto startup Friend.tech, where fraudsters utilized fake interviews and malicious scripts to target users.
During the same month, an unidentified con artist, posing as a Forbes journalist, approached holders of Bored Ape Yacht Club non-fungible tokens (NFTs), requesting their experiences with the popular NFT collection. In interviews, the scammers set up multiple call links and recorded screens using a separate recorder bot, as reported by one victim.
Read more: Scammers drained nearly $300m in 2023, data shows