I just fell for one of the best scams I've seen on X.
Here's what you need to know (and how to avoid it):
1. The intro
On Thursday last week, I received a message from "Marthe" at TechCrunch offering to do a podcast conversation about AI.
I do a lot of media collaborations, so I thought this could be a nice opportunity.
Her profile looked normal with TechCrunch article reposts.
2. The layup
I asked Marthe to get in touch with my head of partnerships to schedule a time.
However, she was insistent on agreeing to something in the DM.
This was when she sent the "Google Calendar" link...
3. The link
X automatically shortens links in DMs to an https://t.co/JbhJHyvnZU link, which hides the true URL.
What's more, the styling of the URL card looks like it will take you to a Google Calendar scheduling page.
Here's what happened when I clicked through...
4. Authorization
When I clicked on the link, it took me to a page to enable authorisation to "Google Calendar".
This is the crux of the scam.
After clicking "Authorize app" it took me to a Calendly scheduling link.
I was none the wiser for what was about to happen.
5. Loss of control
After scheduling a call, I had it in my diary as "Pre Discussion with Pre Discussion".
I was a little hesitant when I saw this invite, but I didn't think much of it.
But yesterday, my bio was updated (without me).
6. Bio update
Yesterday, I saw my bio was updated.
I knew my account had been compromised, but I didn't know how.
That was until I went for the intro call today and saw the calendar link was empty.
I also checked the sender of the calendar invite—immediate red flag.
7. Realisation
After seeing a blank call invite with no meeting link today, I connected the dots.
They were able to update my bio after I authorised permission to an application that clearly wasn't Google Calendar.
I immediately removed the "Google Calendar" connected app.
8. Reflections
This is the first time I've fallen for a scam of this kind.
• This was one of the most sophisticated account entries I've seen
• It was able to hide the true URL and malicious intent
• It targeted me in a very personalised way
9. Reflections (2)
• Always verify who you're speaking with
• Always verify the links/apps you're using/authorising
• Always have 2FA enabled with an auth app
I don't want you falling for something similar—I hope this helps.