An elaborate crypto scam is using Google Calendar invites to hijack verified X accounts
Cryptocurrency scammers are using a sophisticated phishing method against a number of prominent political figures and journalists, compromising dozens of accounts to push coins.
In one instance, scammers even created a deepfake of one of the victims, saying his account had not been hacked.
They also used other compromised accounts to respond to the posts shilling coins, insisting they were legitimate.
In one, Rachel Campos-Duffy, the wife of Trump's Transportation Secretary Sean Duffy, replied to a crypto plug on journalist Kyle Griffin's account.
"he is not hacked talking rn facetime," Campos-Duffy's account replied.
The targeted users, most of whom are verified, saw their accounts share posts about crypto coins in recent days despite no signs that they were hacked.
"This was posted to my X account a few minutes ago (I deleted immediately)," wrote Aaron Rupar, a prominent left-wing journalist with over 922,000 followers. "To my knowledge I have not been hacked, was not the victim of a phishing scam, and I have two factor on. What could possibly explain it?"
Others, such as Micah Erfan, a member of the Texas Democratic Party, similarly revealed his account was used to push cryptocurrency despite his security settings.
"If you want any more evidence that Elon ruined this site, I just was momentarily hacked despite having two factor authentication on," he tweeted.
However, the hack doesn't appear to rely on obtaining a user's email and password like in traditional phishing attacks. Numerous users confirmed that the account intrusion took place after they were were sent a direct message inquiring about potential interviews.
The hackers, often posing as belonging to media outlets such as Tech Crunch, sent links that appeared to originate from Google Calendar or Calendly as part of an alleged effort to schedule a discussion.
Journalist Ryan Grim alleged that at least six separate accounts posing as journalists reached out to him as well.
It remains unclear if all the messages are part of a singular campaign or if the method is being utilized by multiple individuals and groups.
Those who click the link unknowingly enable an attack that grants a third-party app access to their X account, allowing the scammers to post to their page without ever needing their login credentials, and users potentially never noticing.
Cybersecurity expert Mike Grover, who was also targeted by the scam, shared the DMs he received that also used the calendar invite attack.
Most responded by quickly deleting the offending posts.
Concerned users, though, should access their settings and find the "Security and account access" section, select "Apps and sessions," and make sure no unauthorized apps are listed under "Connected apps."
Internet culture is chaotic—but we’ll break it down for you in one daily email. Sign up for the Daily Dot’s web_crawlr newsletter here. You’ll get the best (and worst) of the internet straight into your inbox.
Sign up to receive the Daily Dot’s Internet Insider newsletter for urgent news from the frontline of online.
The post An elaborate crypto scam is using Google Calendar invites to hijack verified X accounts appeared first on The Daily Dot.