Photo by Amelia Holowaty Krales / The Verge
If you get a message from someone at The Verge asking to schedule an interview about cryptocurrency, don’t do it. There’s a phishing scam going around that attempts to trick users into clicking on a fake Calendly link to “schedule” phony interviews in order to steal Discord credentials for a wallet-draining scam.
We recently discovered that a bad actor has been impersonating Verge science reporter Justine Calma to carry out this scam. Justine recently changed her handle on X (formerly Twitter) from @justcalma to @justinecalmajourno. The scammer hijacked her old handle @justcalma — which was still present on her Verge profile at the time — and leveraged her identity when messaging users about a fake interview.
Screenshot by Emma Roth / The Verge
This fake Calendly page asks users to “authorize” their Discord account.
If a victim said they were interested, the bad actor would send them a link to a phishing site disguised as a Calendly page. The page attempts to steal the victim’s credentials by asking them to “authorize” their Discord account to schedule the interview. Based on how other Calendly scams have played out in recent weeks, the attacker would then likely use the victim’s credentials to gain access to their Discord or other social media accounts and share a crypto wallet-draining scam with users.
Reporters from The Verge aren’t the only ones attackers are impersonating. Earlier this month, the blockchain security platform CertiK was contacted on X by an attacker pretending to be a reporter from Forbes who asked to schedule an interview through Calendly. After following through with the scam, bad actors gained access to CertiK’s X account, which currently has around 346,000 followers. The attacker posted a tweet that warned users about a fake exploit. It prompted them to use a malicious link to the Revoke.cash crypto website that would empty the wallets of unknowing users.
Other users on X are reporting similar scams involving Calendly, with attackers also impersonating people who work at The Wall Street Journal, Bankless, Nasdaq, and the Nearweek newsletter. Last year, BleepingComputer said hackers managed to steal $3 million by impersonating crypto news journalists from outlets like Decrypt and Cointelegraph and hijacking victims’ Discord accounts. A scammer impersonating The Verge’s Nathan Edwards on Telegram and Discord contacted at least one crypto startup in June 2023.
While the scam seems to be primarily targeting users involved in the crypto industry, it’s still best to remain vigilant any time you receive links to Calendly or other form sites — especially when they ask you to link your social media accounts. Make sure the link you receive is legitimate by checking it against the actual domain it’s trying to bring you to. That means closely looking for misspellings, added hyphens, or other discrepancies between the real URL and the one you received, as scammers often try to make their phony URL look as close to the real thing as possible. The fake Calendly site used in the current iteration of this scam, which is different from the one used in the CertiK attack in December, is still online as of this writing.