Security experts issue warnings as malicious actors distribute fake Calendly bot clones on X, posing as crypto journalists.
According to an X post from blockchain security firm SlowMist, con artists are targeting Chinese-speaking victims by pretending to be crypto journalists. The scammers send direct messages, including links that mimic the appearance of a legit Calendly bot, for scheduling interviews.
However, once a victim grants authorization to the fake clone of the bot, they unwittingly give control of their X account, providing scammers with the ability to distribute phishing links through their posts.
Although the scale of the scam attack remains unclear, SlowMist notes that the scammers often communicate in broken Chinese and focus their efforts on crypto influencers. According to user @0xcryptowizard on X, the cyber criminals are linked to the crypto hacking group known as Pink Drainer.
SlowMist has urged users to delete any suspicious applications or sessions in their X settings to mitigate the risk of unauthorized access.
This is not the first time scammers are impersonating journalists in a bid to exploit victims and pilfer private data and cryptocurrencies. In November 2023, crypto.news reported about SlowMist’s revelation of a sophisticated phishing attack on the crypto startup Friend.tech, where fraudsters utilized fake interviews and malicious scripts to target users.
During the same month, an unidentified con artist, posing as a Forbes journalist, approached holders of Bored Ape Yacht Club non-fungible tokens (NFTs), requesting their experiences with the popular NFT collection. In interviews, the scammers set up multiple call links and recorded screens using a separate recorder bot, as reported by one victim.
Source: https://crypto.news/scammers-impersonate-crypto-journalists-with-malicious-calendly-links-on-x/