Phishing Campaign Targets Crypto Influencers via Fake Google Calendar Links on X

A covert phishing campaign on X platform uses malicious Google Calendar links to bypass passwords and two-factor authentication, compromising multiple crypto community accounts.

169d ago

Summary

A covert phishing attack on the X platform has exploited its app authorization mechanism, bypassing both passwords and two-factor authentication, to compromise multiple cryptocurrency community accounts. The attack involved phishing messages disguised as Google Calendar links, tricking victims into authorizing a malicious 'Calendar' app with full account control. Security experts recommend removing suspicious apps from the authorized applications page to prevent further compromises.

Terms & Concepts

Phishing Attack: A type of cybercrime where attackers impersonate legitimate entities to trick individuals into revealing sensitive information or credentials.
Two-Factor Authentication (2FA) Bypass: A security breach method that circumvents the additional layer of account protection provided by 2FA, enabling unauthorized access.
Crypto KOL: Key Opinion Leaders in the cryptocurrency industry who hold significant influence over market sentiment and trends.