Block fake Calendly websites (ongoing social engineering scam campaign) #430

Closed
1 task done
summercms opened this issue Jan 6, 2024 · 0 comments
Labels: Code Update, enhancement, FINSIHED, Priority: Medium, Testing - Passed

summercms commented Jan 6, 2024

Enhancement idea

  • Block fake Calendly websites (ongoing social engineering scam campaign).

Description

Have you been contacted by a 'Forbes Employee' or someone who wants to interview you for an article, partnership, or job? Are they asking you to connect your wallet or Twitter account to Calendly? If so, DON'T DO IT!!!

This is a Social Engineering scam that is currently compromising Twitter accounts, but how does this work?

A very convincing individual will contact you pretending to be an employee from Forbes or another company asking to interview you and will ask for you to schedule a meeting via Calendly.

Once you go to the Calendly link, it actually goes to Calendly[.]fi (SCAM LINK), not Calendly[.]com (REAL WEBSITE), and prompts you to "Connect X Integration" to schedule a meeting.

When you go to connect, you get redirected to grant the real-looking scam "Calendly" all of the dangerous permissions to act on behalf of your X account.

After they have you authenticate your account, they will create a fake site and post tweets, with comments off and botted stats, to try to get your followers to click on the "limited 100 mint website", which leads to a wallet drainer site... This has already gotten many accounts by posting a FOMO wallet drainer link; they also update the bio to the scam link and continuously spam the malicious posts.

It is extremely important to note that when you get a random DM you should never connect your wallet, Twitter account, or anything!!!! If you have connected your account, you need to go to:

  • Settings > Security & Account Access > Apps & Sessions > Connected Apps and revoke the app

We have gotten the website, app, API key, and other stuff associated with this taken down, but this is another social engineering scheme we have seen be super successful, and we must educate to prevent this from having a further impact on our Web3 community.

Links

https://twitter.com/nft_dreww/status/1737824627378798897

IOC

I2P websites

n/a

IPFS websites

n/a

Tor2web websites

n/a

TOR websites

n/a

URLs

n/a

Folders

n/a

Sub-Domains

n/a

Domains

n/a

IPs

n/a

Emails

n/a

Wallet addresses

n/a

Mining pool addresses

n/a

summercms added the Code Update, In-progress, Priority: Medium and enhancement labels Jan 6, 2024
summercms added the FINSIHED and Testing - Passed labels and removed the In-progress label Jan 6, 2024
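
A defender-side check for the lookalike described in the issue (Calendly[.]fi instead of Calendly[.]com), as an added example that is not part of the original issue or the project's code. It generalizes slightly beyond the TLD swap to any host that carries the brand as a DNS label without belonging to the real domain; the function names, the `LEGIT` table and the sample links are constructed for illustration, and `calendly.com` as the only legitimate domain is taken from the issue text.

```python
from urllib.parse import urlsplit

# Assumption: brand label -> its only legitimate registrable domain (from the issue).
LEGIT = {"calendly": "calendly.com"}

def refang(text):
    """Undo common defanging (hxxp, [.], (.)) so the link can be parsed."""
    t = text.strip().replace("[.]", ".").replace("(.)", ".")
    if t.lower().startswith("hxxp"):
        t = "http" + t[4:]
    return t

def hostname(link):
    """Return the lower-cased host of a link, tolerating a missing scheme."""
    link = refang(link)
    if "://" not in link:
        link = "//" + link  # lets urlsplit treat the first part as the host
    host = urlsplit(link).hostname or ""  # .hostname drops userinfo and port
    return host.rstrip(".").lower()

def classify(link):
    """Return 'legit', 'lookalike' or 'unrelated' for one link."""
    host = hostname(link)
    labels = host.split(".")
    for brand, real in LEGIT.items():
        if host == real or host.endswith("." + real):
            return "legit"
        if brand in labels:  # brand used as a label outside the real domain
            return "lookalike"
    return "unrelated"

def lookalikes(links):
    """Return the links that should be blocked or reported."""
    return [link for link in links if classify(link) == "lookalike"]

# Constructed sample links, written defanged as they would appear in a report.
SAMPLE_LINKS = [
    "hxxps://Calendly[.]fi/forbes-interview",
    "https://calendly[.]com/some-user/30min",
    "calendly[.]com.meeting-invite[.]example/connect",
    "https://calendly[.]com@calendly[.]fi/connect",
    "https://example[.]org/blog/calendly-tips",
]

if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        print(f"{classify(link):10} {link}")
```

The check matches whole DNS labels only, so misspelled variants of the brand need a separate similarity rule.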