If you receive a message from someone edge Ask to schedule an interview on cryptocurrency, don’t do it. One phishing scam attempts to trick users into clicking on a fake Calendly link to “schedule” a fake interview, thereby stealing Discord credentials in a wallet-draining scam.
We recently found out there was a bad actor posing as edge Science journalist Justine Calma perpetrated the hoax. Justine recently changed her username on X (formerly Twitter) from @justcalma to @justinecalmajourno.Scammer hijacked her old account @justcalma — it still exists on her edge profile at the time — and exploited her identity when messaging users about the fake interview.
If the victim says they are interested, the bad guys will send them A link to a phishing website disguised as a Calendly page. The page attempts to steal the victim’s credentials by asking them to “authorize” their Discord account to schedule an interview. Based on what other Calendly scams have shown in recent weeks, attackers may use victims’ credentials to access their Discord or other social media accounts and share a scam with users that drains crypto wallets.
Reporter from edge The attackers aren’t the only ones posing.Earlier this month, the blockchain security platform Contacted CertiK at Attackers impersonating journalists Forbes He asked to schedule the interview through Calendly. After conducting the scam, the bad actors gained access to CertiK’s X account, which currently has approximately 346,000 followers. The attacker posted a tweet warning users about the fake exploit. This prompted them to use Revoke.cash to encrypt malicious links to the website, thereby emptying the wallets of unsuspecting users.
While this scam seems to be primarily targeting users involved in the crypto industry, it’s still best to be wary any time you receive a link from Calendly or other form sites – especially if they ask you to link your social media accounts. Make sure the link you receive is legitimate by checking it against the actual domain it’s trying to take you to. This means looking carefully for spelling mistakes, added hyphens, or other differences between the real URL and the URL you receive, as scammers often try to make their fake URLs look as close to the real ones as possible. The fake Calendly website used in the current version of the scam is different from the one used in the December CertiK attack, which is still online as of this writing.
