The scammer posted a malicious message urging readers to revoke approvals using a fake Revoke.cash app.
A phishing scammer who posed as a Forbes reporter briefly gained access to the X (formerly Twitter) account of blockchain security platform CertiK and used it to post messages advertising a malicious Web3 app, according to a Jan. 5 X post from CertiK.
The malicious messages were discovered within seven minutes of them being posted, CertiK claimed, and the team immediately began a recovery process to remove the attacker's access to its X account. Within 14 minutes, the team managed to delete the first of the malicious posts. After 37 minutes, the team’s investigation was over and the danger was neutralized.
CertiK claimed that the scam was part of “a large scale ongoing attack” similar to the one described by X user NFT_Dreww.eth in a Dec. 21 post. NFT_Dreww.eth had described a phishing scam in which the attacker posed as a Forbes reporter and asked victims to connect their X accounts to the Calendly calendar app to schedule a meeting. The links did not actually go to Calendly’s official website. Instead, they went to a fake Calendly site with a misspelled URL. Once the victim “connected” their X account to the fake site, they unwittingly approved permissions for the attacker to post to X on their behalf.