If you receive a message from someone on… the edge If you ask to schedule an interview about cryptocurrency, don't do it. There's a phishing scam that attempts to trick users into clicking on a fake Calendly link to “schedule” fake interviews in order to steal Discord credentials for a wallet-draining scam.
We recently discovered that a bad actor was impersonating a character edge Science reporter Justin Calma to carry out this scam. Justine recently changed her X (formerly Twitter) account name from @justcalma to @justinecalmajourno. The scammer hijacked her old account @justcalma, which was still there edge profile at the time – and leveraged her identity when messaging users about a fake interview.
If the victim says she's interested, the bad actor will send her A link to a phishing site disguised as a Calendly page. The page attempts to steal the victim's credentials by asking them to “authorize” their Discord account to schedule the interview. And based on how other Calendly scams have played out in recent weeks, it's possible the attacker would then use the victim's credentials to access Discord or other social media accounts and share a cryptocurrency wallet-draining scam with users.
Reporters from the edge They're not the only ones being impersonated by attackers. Earlier this month, a blockchain security platform was launched Contacted CertiK on X By an attacker pretending to be a reporter from Forbes Who requested to schedule an interview through Calendly. Following the scam, the bad actors gained access to CertiK's X account, which currently has around 346,000 followers. The attacker posted a tweet warning users about a fake exploit. This led them to use a malicious link to the crypto website Revoc.cash that would empty the wallets of unknown users.
While the scam appears to be primarily targeting users involved in the cryptocurrency industry, it's still best to remain vigilant anytime you receive links to Calendly or other modeling sites — especially when they ask you to link your social media accounts. Make sure the link you receive is legitimate by checking it against the actual domain it is trying to take you to. This means looking closely for misspellings, added hyphens, or other differences between the real URL and the one you received, as scammers often try to make their fake URL look as close to the real one as possible. The fake Calendly site used in the current version of this scam, which is different from the site used in the CertiK attack in December, is still online as of this writing.
