Security experts are raising alarms as a new wave of scammers targets X users, masquerading as crypto journalists and deploying fake Calendly links to deceive victims.

The Deceptive Strategy

Reports from blockchain security firm SlowMist reveal a troubling trend: cybercriminals are preying on Chinese-speaking individuals by posing as crypto reporters. Their approach involves sending direct messages containing counterfeit Calendly bot links, seemingly offering interview scheduling options.

However, the danger lies within the link. Granting access unwittingly hands over control of the victim's X account to the scammers. This access allows the perpetrators to spread phishing links through the victim's posts.

Targeted Tactics and Warnings

Though the full extent of the scam's reach remains unclear, SlowMist highlights that scammers often communicate in broken Chinese and concentrate their efforts on crypto influencers. Suspicions point to a connection between these cybercriminals and the notorious crypto hacking group, Pink Drainer.

Users are advised by SlowMist to remove any suspicious applications or sessions in their X settings promptly to mitigate the risk of unauthorised access.

Past Instances and Ongoing Threats

This isn't the first instance of scammers impersonating journalists to exploit victims for private data and cryptocurrencies. Last November, SlowMist exposed a sophisticated phishing attack on the crypto startup Friend.tech. In that instance, fraudsters leveraged fake interviews and malicious scripts to target users.

Similarly, during the same month, an unidentified con artist posed as a Forbes journalist, targeting Bored Ape Yacht Club NFT holders. These scammers initiated interviews and recorded screens through multiple call links, leaving victims vulnerable to potential exploitation.

A Cautionary Tale

As scammers continuously evolve their tactics, users must exercise extreme caution. The impersonation of journalists is a concerning trend, emphasising the importance of verifying the legitimacy of communication channels and refraining from granting access to unfamiliar links.

Stay vigilant, scrutinise all interactions, and promptly report any suspicious activity. Only by collectively safeguarding against such deceptive schemes can the community protect itself from falling victim to these cyber threats.