Block fake Calendly websites (ongoing social engineering scam campaign) #430
Labels
Code Update 🔔
enhancement 👍
New feature or request
FINSIHED
Priority: Medium
Testing - Passed
Enhancement idea
Description
Have you been contacted by a 'Forbes Employee' or someone who wants to interview you for an article, partnership, or job? Are they asking you to connect your wallet or Twitter account to Calendly? If so, DON'T DO IT!!!
This is a Social Engineering scam that is currently compromising Twitter accounts, but how does this work?
A very convincing individual will contact you pretending to be an employee from Forbes or another company asking to interview you and will ask for you to schedule a meeting via Calendly.
Once you go to the Calendly link it actually goes to Calendly[.]fi (SCAM LINK), not Calendly[.]com (REAL WEBSITE), which prompts you to "Connect X Integration" to schedule a meeting. When you go to connect you get redirected to grant the real-looking scam "Calendly" all of the dangerous permissions to act on behalf of your X account.
After they have you authenticate your account, they will create a fake site, and post tweets, with comments off, and botted stats to try and get your followers to click on the "limited 100 mint website" which leads to a wallet drainer site... This has already gotten many accounts by posting a FOMO wallet drainer link, which they also update the bio to the scam link, and continuously spam the malicious posts.
It is extremely important to note that when you get a random DM you should never connect your wallet, Twitter account, or anything!!!! If you have connected your account, you need to go:
We have gotten the website, app, API key, and other stuff associated with this taken down, but this is another social engineering scheme we have seen be super successful and we must educate to prevent this from having a further impact on our Web3 community.
Links
https://twitter.com/nft_dreww/status/1737824627378798897
IOC
I2P websites
n/a
IPFS websites
n/a
Tor2web websites
n/a
TOR websites
n/a
URL's
n/a
Folders
n/a
Sub-Domains
n/a
Domains
n/a
IP's
n/a
Emails
n/a
Wallet addresses
n/a
Mining pool addresses
n/a
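The scam described in this issue depends on a link that carries the Calendly name but does not resolve to calendly[.]com. The following Python check is an added example, not part of the original issue or this project's code: it classifies a link (defanged or not) as official, lookalike or unrelated, and generalizes from the `.fi` case to the brand name appearing anywhere in the host or userinfo. It assumes calendly.com is the only official domain; the function names and every sample link except calendly[.]fi are constructed.

```python
from urllib.parse import urlsplit

# Assumption: the brand's only legitimate registrable domain.
OFFICIAL_DOMAINS = {"calendly.com"}
BRAND = "calendly"


def refang(link: str) -> str:
    """Undo common defanging (example[.]com, hxxps://) so the link parses."""
    url = link.strip().replace("[.]", ".").replace("(.)", ".")
    if url.lower().startswith("hxxp"):
        url = "http" + url[4:]
    if "://" not in url:
        url = "https://" + url  # bare host such as "calendly.fi"
    return url


def classify(link: str) -> str:
    """Return 'official', 'lookalike', 'unrelated' or 'invalid' for one link."""
    try:
        parts = urlsplit(refang(link))
        host = (parts.hostname or "").rstrip(".")  # hostname is lower-cased
    except ValueError:
        return "invalid"
    if not host:
        return "invalid"
    # Official only if the host IS the domain or a true subdomain of it.
    if any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS):
        return "official"
    # Brand name anywhere else in the authority part: other TLD, extra
    # labels, hyphenated variants, or brand placed before an '@'.
    if BRAND in parts.netloc.lower():
        return "lookalike"
    return "unrelated"


def lookalikes(links):
    """Filter a batch of links down to the ones impersonating the brand."""
    return [link for link in links if classify(link) == "lookalike"]


if __name__ == "__main__":
    # Constructed samples; only calendly[.]fi comes from the issue text.
    samples = [
        "https://calendly[.]com/jane/30min",
        "calendly[.]fi",
        "https://calendly[.]com[.]meeting-login[.]example/x",
        "https://calendly[.]com@login[.]example/x",
    ]
    for s in samples:
        print(f"{classify(s):10} {s}")
```
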