In recent times, an alarming social engineering scam has surfaced, targeting individuals who are contacted by someone claiming to be a 'Forbes employee' or a representative of another reputable company. The scam opens with a seemingly legitimate request for an interview, partnership, or job opportunity, which is in fact a ploy to compromise the target's accounts and personal information.
The perpetrators of this scam employ a sophisticated strategy that involves directing unsuspecting victims to a fraudulent Calendly link, masquerading as the authentic calendly.com. It is crucial to exercise caution and refrain from connecting your wallet or X account to such suspicious links.
The process unfolds when an individual, posing as a Forbes or company employee, persuades the target to schedule a meeting using Calendly. However, the provided link redirects to Calendly[.]fi, a scam link designed to deceive users. At this point, the victim is prompted to "Connect X Integration" to facilitate the scheduling of the meeting.
VirusTotal shows which security vendors flagged that URL as malicious.
We have already investigated how these embedded links work on the X network.
The attacker spoofed the embedded URL as an X (Twitter) card, assigning different destinations depending on the User-Agent.
When X attempts to embed and generate a post card with a preview image, it verifies the location of the posted URL. What we've created is a script that identifies the User-Agent crawling that page and responds with a distinct location, as shown in the image below.
More details about this type of attack can be found in this article.
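To check a link for this kind of User-Agent cloaking before trusting its card preview, the following script (an added example, not from the original post or the researchers it credits) fetches the URL once per User-Agent without following redirects and compares the hosts in the Location headers. The User-Agent strings, the `fetch` callback and all URLs are assumptions; substitute a real fetch to probe a live link.

```python
import urllib.error
import urllib.request
from typing import Callable, Dict, Optional, Tuple
from urllib.parse import urlparse

# Constructed set of User-Agents: the crawler X uses to build a card preview,
# plus two ordinary browsers. A cloaking script keys its Location on these.
USER_AGENTS: Dict[str, str] = {
    "x_card_crawler": "Twitterbot/1.0",
    "desktop_browser": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Firefox/120.0",
    "mobile_browser": "Mozilla/5.0 (iPhone; CPU iPhone OS 17_0 like Mac OS X) Safari/604.1",
}

FetchResult = Tuple[int, Optional[str]]  # (HTTP status, Location header or None)


class NoRedirect(urllib.request.HTTPRedirectHandler):
    """Refuse to follow redirects so the raw Location header can be inspected."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None  # urllib then raises HTTPError carrying the 3xx response


def http_fetch(url: str, user_agent: str) -> FetchResult:
    """Fetch `url` once with the given User-Agent and report where it redirects."""
    opener = urllib.request.build_opener(NoRedirect)
    req = urllib.request.Request(url, headers={"User-Agent": user_agent})
    try:
        with opener.open(req, timeout=10) as resp:
            return resp.status, resp.headers.get("Location")
    except urllib.error.HTTPError as err:  # 3xx lands here because of NoRedirect
        return err.code, err.headers.get("Location")


def probe_redirects(url: str, fetch: Callable[[str, str], FetchResult] = http_fetch,
                    agents: Dict[str, str] = USER_AGENTS) -> Dict[str, FetchResult]:
    """Probe `url` under every User-Agent and collect (status, Location) per agent."""
    return {name: fetch(url, ua) for name, ua in agents.items()}


def _host(location: Optional[str]) -> Optional[str]:
    return urlparse(location).hostname.lower() if location else None


def is_cloaked(results: Dict[str, FetchResult]) -> bool:
    """True when the crawler is sent to a different host than any real browser.

    A redirect that only changes path is tolerated; a host mismatch between the
    card crawler and a browser is the signature described above.
    """
    crawler_host = _host(results["x_card_crawler"][1])
    return any(_host(loc) != crawler_host
               for name, (_, loc) in results.items() if name != "x_card_crawler")
```

Run `is_cloaked(probe_redirects("https://<link-from-the-dm>"))` on a suspicious link; a `True` result means the preview X rendered is not where a human click goes.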
Upon attempting to connect, users unwittingly grant the imposter "Calendly" permissions that can be exploited to act on their behalf within their X account. This marks the initiation of a series of malicious actions, including the creation of fake websites and posts on X. These posts, often featuring limited edition offers or enticing links, are strategically designed to lure followers into clicking on a wallet-draining website.
To safeguard against falling victim to this scam, it is imperative never to connect your wallet, X account, or any sensitive information in response to random direct messages. In the unfortunate event that you have connected your account, promptly navigate to Settings > Security & Account Access > Apps & Sessions > Connected Apps and revoke the application.
Stay informed, stay safe, and remain vigilant against the ever-evolving landscape of social engineering threats.
We would like to thank @NFT_Dreww.eth for researching this type of attack.