Help, I think I am being scammed by someone who pretends to work at Blockworks. They pitched me for an interview but I cannot find any evidence of them working at Blockworks. They’ve asked me to click a Calendly link. Plus:
- they have zero followers on twitter from people I know.
- I asked someone at Blockworks if they know them and they said they’d never heard of them.
- it just seems a bit scammy.
Here is the link they provided - can you tell what it is / what they are trying to get?? Please don’t click the link unless you know what you’re doing!
Link: https://t.co/WNIXDHgegj
https://i.nostr.build/qQGB.png https://i.nostr.build/4KRG.png
Noooo, looks scammy AF dude. Have them email you the link from a Blockstream email address (and even ask them to cc their manager or whomever you’d meet with). Not a guarantee, but it’s a higher bar than Twitter DMs.
I'm pretty sure that's not even a calendly link. It comes from a calendly.oauth5.center domain.
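The host check that the reply above does by eye, written out as an added example that is not part of the original thread. It assumes calendly.com is the only genuine Calendly domain; apart from the calendly.oauth5.center host named in the thread, the sample URLs are constructed, and the check is meant for the final destination of a link, not for a t.co short link.

```python
from urllib.parse import urlsplit

# Assumption: calendly.com is the only domain a genuine Calendly link uses.
TRUSTED_DOMAINS = ("calendly.com",)

# Constructed samples, except the host reported in the thread.
SAMPLES = [
    "https://calendly.com/someone/30min",       # genuine form
    "https://calendly.oauth5.center/",          # host reported in the thread
    "https://calendly.com.login.example/",      # brand used as a subdomain prefix
    "https://calendly.com@login.example/meet",  # brand placed in the userinfo part
    "https://notcalendly.com/",                 # brand embedded in another label
]


def check_link(url, trusted=TRUSTED_DOMAINS):
    """Return (verdict, host); verdict is 'trusted', 'lookalike' or 'untrusted'."""
    try:
        parts = urlsplit(url.strip())
        # .hostname drops userinfo and port and lower-cases the name.
        host = (parts.hostname or "").rstrip(".")
    except ValueError:
        return ("untrusted", None)
    if parts.scheme != "https" or not host:
        return ("untrusted", host or None)

    # Trusted only if the host IS the domain or ends with ".<domain>".
    # A plain substring or prefix test would accept calendly.oauth5.center.
    for domain in trusted:
        if host == domain or host.endswith("." + domain):
            return ("trusted", host)

    # The brand name appearing anywhere else in the host is a warning sign.
    brands = [d.split(".")[0] for d in trusted]
    if any(b in label for b in brands for label in host.split(".")):
        return ("lookalike", host)
    return ("untrusted", host)


if __name__ == "__main__":
    for url in SAMPLES:
        print(check_link(url), url)
```
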
If this is true, report it to twitter. Their security team should know about this. There is nothing in the page that tells you this and that is a security hole. A big gaping security hole.
Good points thank you
Twitter Security is worthless and incompetent. Fraud and scams are like roaches over there. I used to report impersonation accounts but I’m pretty sure they’ll keep spawning regardless.
That's a different type of thing. This is an objective problem that is probably a violation of basic OWASP security tenets that are expected of all companies today.
Expected, or required and enforced? Asking to understand. If required, that would obviously provide us some leverage.
Expected afaik. But I might be wrong, it might not fit in the realm of OWASP, but it is a glaringly obvious security flaw that any respectable team would get onto fixing asap. It's a small change for large benefit. This is contrary to spam and fake account detection which requires constant monitoring and manual intervention because it is very easy to catch false positives and for people to work around when the problem is more subjective than objective.
I think a lot of fraud, spam, and scam account creation problems could be solved with requiring a small refundable deposit with every account type. Ideally Lightning. But sadly, they’ll probably never do that because all the bot accounts fluff their advertising “views”
That's a lot of permissions. They can delete posts, add posts, just to be able to serve you a calendar? I think any bitcoin related company would be okay finding another way to set up a call if you explain that you don't want to give all those permissions to some third party. Alternatively create a second twitter account and tell them you're using that to log in. This way they have full access to an empty account.
Scammer
Your post here seems scammy. Of course this is a scam, are you slow? Why would you share it with the link? You are now on the questionable list. 👀🧐
It’s not. I’m asking for help. Maybe I am slow.
100% scam, so many red flags. In future don’t recommend posting a scammy/questionable link here. Stay safe out there everyone.
I said don’t click the link which people would’ve asked for anyway. Savvy techie people use Nostr and I’m grateful for their responses